Hostage situations. Something you would never want to deal with as a business owner. You didn’t get in the business of negotiating with terrorists – you got in business to make money. Yet thousands of small businesses are finding that that’s the exact scenario they’re in when they’re infected with ransomware. What is ransomware? Ransomware is when a cyber criminal hacks into your system and prevents access to your data until you pay their ransom. Some forms of ransomware even encrypt files on the system’s hard drive, which makes it impossible to decrypt them without paying the ransom for the encryption key, while others lock the system and display messages that coax the user into paying. Here’s everything you need to know about ransomware and how to avoid threats by boosting security.
The 411 on CryptoLocker
Ransomware makes it in the same way any Trojan virus does: through downloads disguised as legitimate files. CryptoLocker is one of the most popular variants that we’ve seen prospects call in with as of late. The Trojan propagates as an attachment to a seemingly innocuous e-mail message, which appears to be from a legitimate company. The executable file is displayed as a PDF and locks down your entire system (in the simplest terms, but it’s a little more complicated than that). What happens after that? They make you pay them to let you back in. But that doesn’t mean that the threat is gone, because they’ve already infiltrated your organization. Now, you have to do damage control.
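A check a mail filter could run for the "executable displayed as a PDF" trick described above. This is an added example, not code from the original article; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive extension lists for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def check_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    exts = ["." + p.strip() for p in filename.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    reasons = []
    # "invoice.pdf.exe": Windows hides the final extension by default.
    if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        reasons.append("double extension")
    # Windows executables start with the bytes "MZ", whatever the name says.
    if payload[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        reasons.append("executable content under non-executable name")
    # A real PDF carries the "%PDF-" marker near the start of the file.
    if last == ".pdf" and b"%PDF-" not in payload[:1024]:
        reasons.append("named .pdf but no PDF header")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment filename to the reasons it was flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = check_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; the 'executables' are just an MZ stub."""
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    stub = b"MZ" + b"\x00" * 62
    for name, data in [("Invoice_2013.pdf.exe", stub), ("statement.pdf", stub),
                       ("terms.pdf", b"%PDF-1.4\n%%EOF\n")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", ", ".join(reasons))
```

Flagged attachments are best quarantined for review rather than delivered to the user's inbox.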
What to do after an infection
Want to know what you should do after a ransomware infection?
- Don’t interact with the hackers.
It’s tempting to take the course of action that immediately resolves the problem, which is to pay the ransom. But once you do that, there’s no telling when they’ll force you to pay another ransom for your data, since they’re in your network.
- Engage a technology professional that specializes in security.
A trusted professional can help you execute or formulate a plan related to decryption, backup, continuity or data recovery.
- Attempt to recover your data.
The best-case scenario is a business continuity solution that takes images of your machines and can restore them in a matter of seconds or hours. If you haven’t invested in that strategy, you should have working and tested backups that you can use to recover data quickly, losing only a few hours or days, depending on how often your backup runs.
What not to do after an infection
There are a few things that you shouldn’t do after a ransomware infection:
- Ignore it.
This seems a little crazy, because you obviously cannot work without your data, but be sure not to ignore a ransomware infection. You have to act quickly to contain collateral damage and restore access for your users.
- Pay up.
If you’re not familiar with how technology security works and what other options are available, you may spend the money to get your data back. If you do this, you leave yourself open for another attack. Instead, get a plan in place for continuity and backup moving forward before you decide to make that payment so you’re not stuck in a similar situation.
Build the infrastructure
One of the most important investments you can make going forward is in the security of your data. You need to do some calculations on what downtime will cost you and how long you can truly afford to be without your data. Based on those calculations, create a strategy for how you’ll manage your security going forward. It’s not just about compliance and avoiding fines and securing patient or customer information – it’s about securing what you’ve worked so hard to build.
One of the top concerns for business owners related to data loss and downtime is the human element. Humans are going to make mistakes. It doesn’t matter how hard you try, it’s just going to happen. If you have a plan in place and a professional who can help you navigate times like this, when the human element interferes with business productivity, it will pay dividends.