How to Respond to a Ransomware Attack
Ransomware doesn’t have a clear origin, but it has evolved into a weaponized form of cyberattack.
Typically, attackers infect targets by exploiting software vulnerabilities and malware that is designed to gain access to a computer. Once a machine has been infected, ransomware will encrypt the user’s files and demand a ransom to decrypt them.
How to Avoid Ransomware:
Before getting infected with ransomware, be sure that your organization’s computers are properly secured and updated with the latest security patches. Additionally, ensure that the systems you own have strong backups of all important data.
How to Respond:
Once your business is infected with ransomware, your first step is to isolate the system from the rest of the network. This can be a difficult task, but it’s essential to minimize damage.
You should also back up all of the encrypted files on removable media to create a fallback in case the ransomware doesn’t decrypt them for you or the encryption process itself corrupts them beyond repair.
How to Decrypt:
The most common way to recover from ransomware is to pay the criminals a sum of money that will allow the hackers to release the encrypted files. However, this strategy comes with a lot of risk and can take a long time.
Businesses should follow their written incident response plan in the event of a ransomware attack. This should include looping in senior management, the legal department, and the company’s insurance carrier from the outset of the investigation. This will ensure that the incident is properly investigated and any resulting damages are properly addressed.