Your Network Has Been Hijacked By Ransomware … What Next? [Blog Post]
July 7, 2016
In the following blog post, SC&H Group’s IT Advisory Services team offers a definitive checklist for effectively fighting ransomware, a new type of malicious threat that is impacting businesses, government agencies, healthcare organizations, and individuals.
As SC&H Group’s “Expertise Beyond the Numbers” blog previously highlighted, cyber criminals have become highly sophisticated in their efforts to penetrate and hold computer networks as hostage.
The latest trend, called ransomware, involves hackers installing malware that restricts access to files, via encryption, accessible by the user and/or the infected computer system. Victims of ransomware are instructed to pay a sum of money, a ransom, to regain access to those file.
Unfortunately, it’s very easy to fall prey to this type of threat. Delivered by an email attachment that typically masquerades as an official software update, ransomware is delivered by simply opening the attachment – a common mistake that anyone could make.
Proactively Prepare Your Network for an Attack
One of the best ways to prepare your network for a potential ransomware attack is to ensure that daily anti-virus updates are installed on every laptop and server, and are actively scanned for infections.
Here are other ways to proactively protect your network:
- Educate your employees to “think before they click” the links or open attachments received in their inboxes.
- Make sure that all software updates are trusted and use agents that run on your employees’ computers – not through email.
- Make sure you understand how your cloud provider can protect your data and recover it in case of a malicious attack.
- Make sure you have sound backup processes, which will help recover much of the data encrypted by the attackers.
When it comes to cyber attacks, many experts believe that it’s no longer a question of “if” – it’s a matter of “when.” As such, if your organization becomes a victim of ransomware, there are things you can do to restore your network.
You Have Become a Victim of Ransomware – What Next?
KnowBe4, providers of an integrated Security Awareness Training and Simulated Phishing platform, has created a ransomware “Hostage Rescue Manual,” which provides a definitive checklist outlining what to do after a breach.
Here are some of the key highlights from this manual:
- Disconnect: Immediately disconnect the infected computer from any network it is on, and turn off any wireless capabilities, such as Wi-Fi or Bluetooth. In addition, immediately unplug any storage devices, such as USB or external hard drives. Do not erase anything.
- Determine the Scope: At this point you need to determine exactly how much of your file infrastructure is compromised or encrypted. If the infected machine had access to shared folders, network storage of any kind, or external hard drives, then the virus may have spread to other parts of the network.
- Determine the Strain: It is important to know exactly which type of ransomware threat has infected your network. Ransomware strains vary, and some are more costly (in ransom payments) than others, while some versions will have even more options to pay, such as Bitcoin.
- Evaluate Your Response: Now that you know the scope of your encrypted files, as well as the strain of ransomware you are dealing with, you can make a more informed decision about next steps. The options include restoring from a recent backup; decrypting your files using a third party decryptor; doing nothing; and/or paying the ransom.
As always, the SC&H Group IT Advisory Services team is advocating for you to remain alert, be aware of all suspicious web activity, and consider these tips in the wake of a ransomware attack.
Interested in strengthening your IT security, and learning how to restore your network after a ransomware attack? Please contact Jeff Bathurst, Director of SC&H Group’s IT Advisory Services practice here.