Are You Prepared for a Ransomware Attack?
November 19, 2018
When the WannaCry ransomware attack occurred in 2017, many companies were shocked to discover that they were completely unprepared for such a problem. From incomplete updates and patches to employees who had no incident response plan to follow, this crisis clearly showed the difference between companies that were prepared and those that were not.
What is ransomware?
Ransomware is a type of malware that holds your data hostage and then demands payment in order to release it back to you. It often infiltrates an organization through a phishing email or an infected website. Generally, it gains access through an existing vulnerability on an endpoint.
How can you prepare?
In most cases, a ransomware attack occurs at a point of known vulnerability. This means that you likely already know the potential ways that a ransomware attack on your enterprise could occur, so you have the opportunity to address them. You can also proactively train employees to recognize a phishing email and a compromised website.
From the administrative side, it’s important to know which devices are on your network at all times, so that you can keep a live inventory. In the event of an attack, this list will help you isolate problems and determine which devices need remediation. You also need an aggressive and consistent patch management policy so that your endpoints, applications, and operating systems are always up to date. You may want to consider using a patch management tool, designed to reduce the amount of time you need to spend on patching.
Additionally, you should create an incident response plan as part of a comprehensive business continuity strategy. Your incident response plan should be detailed, and it should be practiced multiple times, examining different scenarios and a variety of circumstances that could affect recovery.
What should you do during an attack?
If you discover employees are receiving phishing emails or that a pop-up is asking them to supply money in order to get data back, you are experiencing a ransomware attack. This is the time to pull out your incident response plan and work to identify, isolate and address the attack.
One of the big decisions you’ll need to make during an attack is whether you will be able to restore data from a backup or whether you’ll pay the ransom. It’s worth noting that the FBI does not recommend paying the ransom. It’s important to consider that even if you pay it, you still may not get your data back.
Take a picture of the ransom note, provide a copy to law enforcement and see if you can identify the variant type of the ransomware. Knowing what type of ransomware it is may help you in your recovery strategy.
To limit the extent of the damage, you’ll need to disconnect affected devices from the network and turn off other devices until you are certain your network is clean. You can remove the ransomware using anti-malware software.
The best way to approach ransomware is with preventative efforts. Educating employees and keeping patches updated are two of the best ways to ensure that the next WannaCry won’t make you shed a tear.
To leverage the best tools for patch management and managing updates to your systems, contact us at Access One. We serve businesses in the Chicago area and beyond, helping them minimize the likelihood of a ransomware attack and develop a strategy to limit the damage should one occur.