The best way to protect your company is to hire an outside IT firm from the start, to minimize your risk.
This will be a short and sweet post on the few things to know when you are hit with ransomware. We’ve decided to divide the ideas into sections to ensure it’s easier to know what to do, and when.
Only one machine is infected
This is rarely the case because ransomware spreads through most networks like wildfire. We have met with companies that have had only one machine infected because it wasn’t on the network. If, however, only a single machine was infected, we suggest you wipe the computer, reinstall the operating system and restore the files from backup.
Numerous machines infected
In this case, we also suggest you wipe and reinstall the operating systems and restore from backup. Likewise for servers. This may seem extreme but there is no guarantee the same malware isn’t still on your systems, waiting to spring up again and start locking your files.
In the above cases, there may be backups of entire machines – prior to when the infection began. Assuming you are 100% sure you know when the infection started, then you can restore your entire system from backup – in other words the operating system (Windows 10, etc.) and the data together.
No backups exist or they are infected too
All too often we get calls where this is the case. You can try to decrypt your files with available utilities, but based on the companies which call us for help, this never seems to be 100% successful. You may have to pay the ransom. The challenge, of course, is that there is no guarantee your files will be unlocked or that you won’t get hit again, because there are files still lingering on your systems which aren’t easily detected. Even worse, the people you paid will likely target you again because they know enough about your organization to craft messages which look like legitimate correspondence.
This is the worst situation to be in for obvious reasons. For hackers, infecting your company and extorting money is a business and they need it to grow. You have just become fertile ground for more attacks.
We have had calls from companies that have backups but only from the prior day. This may work to help restore a server in case of an outage but it doesn’t help if your ransomware problem goes back before the backup was last run.
Here are some simple tips business owners need to be aware of:
- Backups need to be done at least daily and there need to be weekly, monthly and quarterly backups available to you.
- Backups need to be checked from time to time to ensure things are working correctly.
- If you can set up a daily email when successful backups are running, you will be sure it gets done.
- Backups need to be housed remotely – potentially in the cloud and locally. In some cases, you may need to wait a week to restore large amounts of data from your provider. This is why you need something local to count on as well.
- Hire an outside IT firm. This is self-serving as we are a 5-star rated IT firm but you should consider this advice because 60% of all cyberattacks are the result of an inside job. 45% of the total number of attacks are from malicious insiders. Both the #PanamaPapers hack and the $82 million Swift breach in Bangladesh were likely inside jobs. Hiring an outside firm like an MSP or IT service provider minimizes your risk.
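The backup tips above (daily, weekly, monthly and quarterly copies, and restoring from a point before the infection began) can be checked against a backup catalogue; the following is an added example, not part of the original post. The age windows for each tier, the one-day safety margin and the sample timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Retention tiers named in the tips above; the age windows are assumptions
# chosen for illustration (the post names the tiers, not exact windows).
TIERS = {
    "daily": (timedelta(0), timedelta(days=1)),
    "weekly": (timedelta(days=7), timedelta(days=14)),
    "monthly": (timedelta(days=30), timedelta(days=61)),
    "quarterly": (timedelta(days=90), timedelta(days=182)),
}


def tier_coverage(backups, now):
    """Return {tier: newest backup whose age falls in that tier's window, or None}."""
    coverage = {}
    for tier, (min_age, max_age) in TIERS.items():
        in_window = [b for b in backups if min_age <= now - b <= max_age]
        coverage[tier] = max(in_window) if in_window else None
    return coverage


def missing_tiers(backups, now):
    """Names of tiers with no restore point; an empty list means full coverage."""
    return [t for t, b in tier_coverage(backups, now).items() if b is None]


def last_clean_restore_point(backups, infection_start, safety_margin=timedelta(days=1)):
    """Newest backup taken before infection_start minus a safety margin (assumed).

    Returns None when every backup postdates the infection, which is the
    "backups are infected too" case.
    """
    cutoff = infection_start - safety_margin
    clean = [b for b in backups if b < cutoff]
    return max(clean) if clean else None


# Constructed sample catalogues: one keeps only a week of nightly backups,
# the other also keeps weekly, monthly and quarterly copies.
NOW = datetime(2024, 6, 30, 8, 0)
NIGHTLY_ONLY = [NOW - timedelta(days=d, hours=6) for d in range(0, 7)]
TIERED = NIGHTLY_ONLY + [NOW - timedelta(days=d) for d in (10, 45, 100)]
INFECTION_START = NOW - timedelta(days=20)  # assumed known from investigation

if __name__ == "__main__":
    for name, catalogue in (("nightly-only", NIGHTLY_ONLY), ("tiered", TIERED)):
        print(name, "missing tiers:", missing_tiers(catalogue, NOW))
        print(name, "restore point:", last_clean_restore_point(catalogue, INFECTION_START))
```

With an infection that began 20 days ago, the nightly-only catalogue has no usable restore point, while the tiered one falls back to its monthly copy.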
Business owners and management need to understand that without technology, they can’t run their companies. Nowadays, our websites, accounting systems, order management software and other related systems all depend on a properly functioning network.
If your disaster recovery strategy is not something you’ve thought about because you think an earthquake won’t hit you, you are likely right. Cryptolocker, however, will likely hit every company at some point. The research tells us today that there is about an 80% chance you will be hit with a data breach of some kind. Expect this number to grow.
Moreover, Cryptolocker is a crime that pays amazingly well and there seems to be no current penalty for deploying it. We expect this threat to continue to spread. Keep in mind that it has the potential to cause significant damage to your business – unless you have solid backups in place or pay the ransom to someone who wants to decrypt your files.
We are living in a very dangerous time and IT can no longer be the afterthought it might have been a decade ago. A single accidental click can close your business – be forewarned and take action before you get hit.
A new breed of hacktrepreneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.