Ransomware is one form of malware that’s particularly damaging. It can lock a company out of their data, bringing their business to a standstill until it can be restored.
While Canadian businesses have previously been spared the volume of ransomware attacks that other countries have seen, CBC reported an increase in these types of attacks in Canada, with a recent attack on a Toronto Dental clinic, resulting in a ransom demand of $165,000.
How a ransomware attack works begins in a similar way to other virus and malware attacks. A phishing email or malicious website injects a device with ransomware.
The ransomware encrypts all the files on the computer and seeks out connections to servers and other devices in the same network.
A message will usually display on infected systems that includes a ransom demand and how to pay it (typically requested in untraceable bitcoin). When this happens, the victim typically has three options:
In the case of the attack on the dental clinic, the ransomware spread fast, impacting files on 19 of 22 of the clinic’s computers, locking it out of most digital files. Luckily, the clinic had a backup of their data so they avoided having to pay the ransom.
The cost of ransomware last year to Canadian businesses was $2.3 billion.
Ransomware is a serious threat to network security and costs just more than the immediate cost of resolution, because it can result in hours or days of downtime.
If you find yourself the victim of a ransomware attack, there are certain steps you want to take a soon as possible to reduce the impact on your business.
One of the first indicators of a ransomware attack is the ransom note that appears on the device screen. It’s important to take a photo of this in case something causes it to disappear. The details on the note will help an IT specialist identify the type of ransomware that has infected your system.
Additionally, the note contains the instructions on how to pay the ransom, should you decide you have to.
Ransomware seeks out other files that it can infect. This includes other devices connected to the same network and cloud file storage systems that the device may be synching to.
You want to completely disconnect the device from all network connections, including the internet connection that allows it to sync with cloud services.
Next, you need to see how far the ransomware has spread. Check all other devices on your network, including computers, mobile devices, and servers, to see if any of them are also infected. If they are, follow the same procedure above to disconnect from the network.
Using a non-infected device, check your cloud storage or backups that were connected to an infected device to see if any have been impacted by the ransomware.
You don’t want to try to remove the ransomware yourself, or you could end up losing the ability to access your files if you need to pay the ransom.
An IT pro will be experienced with business continuity and disaster recovery and can walk you through the next steps involving file recovery and removal of the malware.
Ideally, you don’t want to have to pay a ransom to restore your files. It only emboldens the attacker to continue with more attacks and you have no guarantee that they’ll actually hold up their end of the bargain.
The ideal situation is to have a full backup of all your files so that an IT pro can remove the ransomware from your devices and restore your files.
However, if you haven’t properly backed up files, then the ransom may be your only option to getting your files back. You want to decide which path you’re taking before doing ransomware removal, because if it’s removed, then any decryption key an attacker gives you may not work.
One of the things that an IT professional will do when helping you handle a ransomware attack is to learn how it happened so they can guide you in preventing it again in the future.
Companies can be vulnerable to ransomware for a number of reasons:
An IT pro will help you put protections in place to safeguard your network from a future attack consisting of ransomware of other types of malware.
Haxxess can perform a full network cybersecurity assessment to ensure your Sudbury area business is fully protected from ransomware and other attacks.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.