How Should Companies Handle a Ransomware Attack?

Written by: ConsultNet

What is Ransomware?

Ransomware attacks are an increasingly common type of cyberattack, affecting businesses of all sizes and in every industry.

Ransomware attacks are invasive assaults on your company that can cripple operations and destroy reputations.

In a ransomware attack, a criminal takes control of a company's systems, including websites, servers, and data. Once the cybercriminals have control of your systems, they encrypt the information, which incapacitates all functionality, leaving users locked out.

Attackers then hold that information hostage, demanding payment, usually in the form of untraceable cryptocurrency, to decrypt the information or else destroy or sell data and intellectual property.

Sometimes attackers threaten doubly, telling companies they will release the information publicly, which can destroy reputations and expose personal information to anyone.

Ransomware attacks are on the rise across the world because they are so effective. Many attacked companies give in to hacker demands and pay the ransom to avoid damaging public awareness and reputational damage.

Ransomware attacks come in various types. Among the most common types are:

• Encryptors. These programs encrypt data within a system, making the information inaccessible without decryption.
• Lockers. These tools lock you out of your system, often displaying a screen with the ransom demand and a countdown clock.
• Scareware. These programs claim to detect a virus or problem with your computer and direct you to pay to resolve the issue. Some types lock you out or flood your screen with pop-ups.
• Doxware/Leakware. These attempts threaten to release personal information online, with some impersonating law enforcement claiming to have detected illegal activity that can be resolved by paying a fine.

• Use of RDP. Microsoft’s Remote Desktop Protocol (RDP) is frequently used by attackers to deploy ransomware. It is becoming more common as more users work from home, using RDP to access shared files
• Known Tools Present. If your system defenses detect GMER, IOBIT Uninstaller, Microsoft Process Explorer, MimiKatz, PC Hunter, or Process Hacker, which are used to steal credentials or disable security tools, you could be under imminent threat

How do hackers gain entry? Here are the most common entry points:

• User Credentials. Using phishing, malware, and other approaches, hackers gain access to a user’s login and password information
• Fileless Malware. Sometimes files are not embedded but hackers can use malware to access and encrypt
• Insider Threats. Employees and other users may wittingly or unwittingly provide access
• Misconfiguration. Misconfigured cloud solutions can expose data to ransomware
• Brute Force. Hackers scan for open RDP ports and use tools to gain access

How Should Companies Handle Ransomware?

One of the most important things to do if there’s a ransomware attack is to remain calm. With the right strategies and plans in place, you can remove or mitigate the impact.

You should never pay the ransom. There is no guarantee that after payment the attackers will relinquish control. It also encourages hackers to continue launching these attacks.

It's smart to reach out to IT experts like ConsultNet or federal law enforcement for assistance. Both the Internet Crime Complaint Center and FBI can provide technical assistance in resolving the attack and help determine if the attack is isolated or part of a national or international wave. Involving law enforcement can help connect you to valuable resources and stop others from being attacked.

Professional IT experts can bring their knowledge and experience to bear on your issue, guiding you through each step. With ConsultNet as your IT partner, you’ll have support at every phase of the resolution of your attack and can help design systems to avoid future assaults.

There are many phases to addressing a ransomware attack, from identification to decryption to data recovery.

Here are the key steps to take:

• Isolate the Attack. Ransomware often spreads gradually. Disconnect infected systems and trace back the attack
• Keep the Status Quo. Do not reboot systems, install updates, or do other system maintenance
• Don’t Launch Backups
• Notify Key Stakeholders and Law Enforcement
• Remove the Ransomware from Infected Systems
• Decrypt the Files
• Install Anti-Malware Software
• Reformat and Reinstall Systems
• Restore Using Backups

Prevention is the most critical step companies can take. Here are some of the most important preventative measures:

• Invest in Disaster Recovery Plans to Ensure Minimal Adverse Impact
• Allow Access on a Need-to-Use Basis
• Provide 24/7 Technical Support for Users
• Train Employees to Understand and Be Aware of Common Ransomware Tactics and Signs

If you’re concerned about your company’s preparedness to prevent a ransomware attack, ConsultNet is here to help.

Receive a Free Consultation for Your Cybersecurity Needs

Our cybersecurity services include disaster recovery, managed security, computer or server maintenance, employee training and awareness, and more.

ConsultNet has the expertise, insight, and knowledge to help you detect, prevent, and contain ransomware attacks. With 24/7 monitoring, employee training, and active management of your technology, ConsultNet can give you peace of mind.

Your company is too valuable to let a ransomware attack derail your work. Learn more about how to prevent a cyberattack at your company by contacting ConsultNet today.