How to Mitigate the Damage Caused by Ransomware
Ransomware is malware that encrypts the files, devices or systems it infects, rendering them unusable until attackers receive a ransom payment. Early versions of ransomware simply encrypted the victim’s data, but later threats have incorporated cyber extortion tactics to force victims to make the demanded payment. Additionally, attackers have started targeting backup and shadow copies of files to prevent victims from restoring the encrypted data.
The latest ransomware variants are even more dangerous and sophisticated. They may include the ability to steal passwords, wipe the system or install cryptomining software that mines cryptocurrencies on the victim’s computer for the benefit of criminals thousands of miles away. This type of attack can even render critical infrastructure unusable.
Fortunately, companies can mitigate the damage of ransomware attacks by deploying a proactive incident response plan. These plans should include removing the malware, cleaning up the affected data and resetting the affected endpoints and the central system to a clean state. In addition, companies should communicate the specifics of the incident to stakeholders — both internal and external — as dictated by their incident response plan. This includes alerting senior leadership, the company’s insurance carrier and the cyberthreat intelligence team.
While it is possible to regain access to the data without paying the ransom, companies must be prepared for a potential loss of business or reputation in the wake of such an incident. It is also important to keep in mind that, when dealing with criminals, there is no guarantee that they will follow through on their promise to deliver a decryption key once the ransom is paid. In fact, many victims who have paid a ransom have never received the decryption keys they were promised.