How to Prevent and Mitigate Ransomware
Ransomware is the fastest-growing malware threat, with high-profile attacks against businesses and municipalities making headlines on a regular basis. The good news is that many of the threats leveraging ransomware can be prevented or mitigated with proper preparation and cybersecurity hygiene.
Ransomware has come a long way since it first appeared in 1989, when a virus encrypted a user’s files and required them to pay a fee for a decryption key. It evolved into a malware family that grew in strength and ambition, moving from existing on a diskette to hiding within emails, sound and video downloads, and images. Today, it’s used to hijack computers to mine cryptocurrency for criminals hundreds or thousands of miles away.
Cybercriminals typically target organizations that can afford to pay. These include government agencies, hospitals, and banks, as well as firms that store sensitive data, like law offices. In some cases, the cybercriminals are betting that the companies will pay up and not press for an investigation.
If a company is hit by ransomware, it’s important to follow the written incident response plan, particularly notifying senior management and the legal department. Involving the attorneys early in an attack can protect the company’s rights and limit its exposure, including potential class-action lawsuits brought by its customers. It also can limit a company’s liability by ensuring that any communication with the cybercriminal is protected by attorney-client privilege and the attorney work product doctrine.
A final tip: Ensure that your organization has backups of all digital data stored offsite, so you can restore those files without paying the ransom. However, be sure to run a quick test on those backups before rolling them back into the network, as modern ransomware is designed to be resilient and will likely corrupt any backup files it finds.