Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or when a user unknowingly visits an infected website. It has become an increasingly popular form of attack by malicious actors against businesses.
As ransomware is becoming harder to avoid, security experts at Infrascale have put together a list of steps for organizations to consider if they are compromised by ransomware. These tips have been offered to Digital Journal, and they are:
Capture the ransomware message
When a firm is struck by a ransomware attack, the first impulse is invariably to act. Yet it is important to cover some basics first, such as taking a screenshot of the ransomware message. The digital image will serve as evidence for insurance claims and for notifying the police.
Don’t automatically pay the ransom
As Tufts University professor Josephine Wolff wrote in The New York Times, paying ransomware attackers is not always the best option. This is because paying reinforces the message that ransomware is a “business model” that pays.
Conduct a cost-benefit analysis
Weighing up costs and benefits will help a firm decide on the best path forward. MIT professor Larry Susskind noted that if ransomware freezes critical business operations, an organization may not be able to collect revenues, provide vital services such as water or electricity, or conclude patient procedures. In some cases, it may be more cost-effective to pay out.
Understand whether the issue is encrypting ransomware or screen-locking ransomware
When a screen-locking ransomware attack happens, the situation can often be more easily remedied. For example, the user can attempt to close the affected application using Activity Monitor on a Mac or Task Manager on Windows. Restarting the device in safe mode and then running malware removal technology can sometimes eliminate the malicious code.
Move quickly to limit the threat
Ransomware can spread through systems rapidly, which means it needs to be contained as soon as possible. It is important to physically disconnect affected devices and to put them in airplane mode. It is also important to unplug Ethernet cables and connections to external devices such as cameras, hard drives, and phones. It is also possible to limit ransomware through microsegmentation: a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually.
