How Should Your Company Handle a Ransomware Attack?

These days, it seems that ransomware hits the headlines every week and cyber criminals are getting more advanced and creative every day. A ransomware data loss incident can be expensive: in 2022, the average cost of a ransomware attack, not including the cost of the ransom itself, was $4.54 million. And money isn’t everything. The effect of downtime, data loss, and damaged reputation can be just as detrimental as the financial cost. The hard truth is that ransomware is something your company needs to prepare for because the chances are that someone may already be trying to attack your systems and data. Let’s explore what ransomware is and how your company can manage the risks.

What is ransomware?

Ransomware is an invasive malware attack in which the cyber criminal encrypts your data or files and holds them “hostage” until a ransom is paid. Sometimes, in cases of “double extortion,” the attackers threaten to release the data publicly. Some of the most common methods of infiltration are:

  • Phishing—Cyber criminals send mass emails claiming to be from a reputable company or organization and request confidential information (e.g., a password or credit card number) or ask you to click on a link (that then installs malware on your computer).

  • Smishing—Much like phishing but through the use of text messages. 
     


Why should your company protect itself against ransomware?

In 2022, the government of Costa Rica declared a national emergency due to a ransomware attack that wreaked havoc on their health care system and economy. The attackers asked for a ransom of $10 million (later raising the price to $20 million). Toyota had to stop production at 14 plants last year due to a ransomware attack. No matter how big or small your company is or what industry you’re in, ransomware should be a top concern for your operations. Detrimental effects include:

  • Loss of important business data, such as customer or employee confidential information, financial records, or proprietary information and trade secrets

  • Loss of productivity and revenue

  • Damage to brand loyalty and reputation

  • Financial loss due to loss of customers, decreased productivity, or ransom payment

  • Penalties for non-compliance with legal requirements for data security (depending on what industry you’re in)

The damage from ransomware can range from annoying to irreparable. Protecting yourself from an attack and preparing for recovery in the case of an attack should be a key part of any cyber recovery plan. Yet, 79 percent of companies have yet to deploy a zero-trust architecture. If you’re one of those companies, read on to learn how you can decrease your chances of being the next victim and increase your chances for a smooth recovery if you do get hit with ransomware.

How should your company handle ransomware attacks?

Handling ransomware attacks boils down to two strategies: prevention and recovery. While it’s impossible for any ransomware prevention strategy to guarantee you’ll never fall victim, you can certainly minimize the risk of downtime and make it difficult for attackers to halt your operations by using Rubrik Security Cloud, which implements zero-trust data security to protect your data with immutable backups, continuously monitor for threats to your data, and help you recover with ease. In the event that cyber criminals manage to infiltrate your systems despite the very best preventive measures, isolating affected systems, determining the scope of the damage, and identifying your latest clean recovery point become integral to a smooth and swift recovery.

Typically, the responsibility for preventing and recovering from a ransomware infection falls on your IT team and cybersecurity department (if one exists). They should be conducting regular security assessments to identify vulnerabilities in your infrastructure and networks and implementing best practices for security controls. In addition, your company should have a thorough incident response plan for recovering your data from backups should an infiltration occur. Whoever is in charge of your cybersecurity, be sure they’re:

  • Scanning your network for known malware file extensions

  • Monitoring your systems for any unusual activity, like increased file renaming

  • Looking for early warning signs, like unexpected network scanners, unauthorized access to the Active Directory, or the appearance of software removal programs

  • Keeping antivirus software updated
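The first two checks in the list above (known malware file extensions and increased file renaming) can be combined in one pass over file-server audit events. The sketch below is an added example, not code from the original page or from Rubrik; the log format, account names, watchlist extensions and thresholds are all constructed assumptions, and events are assumed to arrive in chronological order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumed values for illustration; tune thresholds and source extensions from threat intel.
WATCHLIST_EXTS = {".locked", ".encrypted"}
WINDOW = timedelta(seconds=60)  # sliding window per account
BURST_THRESHOLD = 5             # renames inside WINDOW that raise an alert

# Constructed sample events: "timestamp account operation old_path new_path"
SAMPLE_LOG = """\
2024-01-10T09:00:00 alice RENAME /share/q1/report.docx /share/q1/report-final.docx
2024-01-10T09:30:00 alice WRITE /share/q1/report-final.docx -
2024-01-10T10:05:00 carol RENAME /share/hr/plan.xlsx /share/hr/plan.xlsx.locked
2024-01-10T11:00:01 svc_sync RENAME /share/fin/a.pdf /share/fin/a.pdf.x7q2
2024-01-10T11:00:03 svc_sync RENAME /share/fin/b.pdf /share/fin/b.pdf.x7q2
2024-01-10T11:00:05 svc_sync RENAME /share/fin/c.pdf /share/fin/c.pdf.x7q2
2024-01-10T11:00:07 svc_sync RENAME /share/fin/d.pdf /share/fin/d.pdf.x7q2
2024-01-10T11:00:09 svc_sync RENAME /share/fin/e.pdf /share/fin/e.pdf.x7q2
2024-01-10T11:00:11 svc_sync RENAME /share/fin/f.pdf /share/fin/f.pdf.x7q2
"""


def detect(log_text):
    """Return alerts as (kind, account, timestamp, detail) tuples."""
    recent = defaultdict(deque)  # account -> rename timestamps still inside WINDOW
    bursting = set()             # accounts already alerted for the current burst
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, account, op, _old, new = line.split(" ", 4)  # paths without spaces
        if op != "RENAME":
            continue
        ts = datetime.fromisoformat(stamp)
        # Signal 1: the new name carries an extension on the watchlist.
        if PurePosixPath(new).suffix.lower() in WATCHLIST_EXTS:
            alerts.append(("watchlist_ext", account, ts, new))
        # Signal 2: rename rate per account, which also catches unlisted extensions.
        window = recent[account]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        if len(window) < BURST_THRESHOLD:
            bursting.discard(account)
        elif account not in bursting:
            bursting.add(account)
            detail = f"{len(window)} renames in {int(WINDOW.total_seconds())}s"
            alerts.append(("rename_burst", account, ts, detail))
    return alerts
```

Calling `detect(SAMPLE_LOG)` yields one watchlist alert for the single `.locked` rename and one burst alert for the account that renames five files within the window, even though its extension is not on the watchlist.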

However, the cybersecurity of your company and your most confidential information cannot be the purview of IT alone—educating your employees and holding them accountable for knowing and implementing cybersecurity policies will decrease your chances of an attack. And bringing in experts, like Rubrik, to protect and monitor your data as well as ensure a swift recovery in the event of a data breach, can give you and your business peace of mind.