What to do when hit by ransomware

When faced with an attack, it’s not uncommon for business owners to panic. However, whilst it may be too late to take on the advice about backing up and protecting your data, there are steps that can be taken to ensure that the damage is as limited as possible. Here, Nigel Crockford, Business Development Manager of IT consultancy eSpida, explains how businesses can reduce the damage caused by a ransomware attack.


When faced with an attack, it’s common for business owners to panic and lose all the IT common sense they ever had. While it may be too late to take on the advice about backing up and protecting your data, there are steps that can be taken to ensure that the damage is as limited as possible.

 

When your organisation is already under a ransomware attack, depending on the backup systems that are in place, it may be too late to protect your data. At eSpida, we encourage all companies we work with to have an effective backup system that limits data loss in the event of an attack.

 

We recommend that companies use a 3-2-1 backup strategy to have the best chance of protecting data. This means that, in addition to their standard data storage on servers, there should be an additional backup and a backup offsite.

 

After an attack, IT managers must immediately get all users to lock down their computers to avoid any further infiltration into the network. The second step is for one user to update all anti-virus and anti-malware software to check for a fix. This software is updated so regularly that a fix may have become available in the immediate aftermath of the attack. This process should be repeated for each backup system.

 

If the anti-virus software cannot put a stop to the attack, then the data is unfortunately lost. Companies that had the foresight to use multiple backups should then move through each backup system, repeating the process of shutting all users down, updating software and seeing if it fixes the problem.

 

Once access is restored, all users are responsible for acting as the Chief Security Officer (CSO) and must perform due diligence checks, updating all anti-virus software and ensuring there is no way for the ransomware to regain access.

 

If there is no way to restore actions and if it is too late for backups, then businesses can unfortunately face severe consequences. It is common for businesses to fold because of the loss of data involved in a ransomware attack. In fact, studies show that 20 per cent of UK companies are forced to shut down when hit by a ransomware attack.

 

If the attack has destroyed accounting data, it can be impossible to know who owes the company money, which can be extremely damaging from a financial perspective.

 

In this situation, the best option for businesses is to get in touch with their insurers. They may be able to temporarily support the business financially, while IT staff can work to reinstate their applications and source the data that was lost from other applications.

 

Business owners, especially when panicked, are often keen to pay ransoms to release their data, but they need to know the risks before they rush into this decision. Even when ransoms are paid, the data may not necessarily be released, and if it is, it could be damaged, corrupt or even completely irrecoverable.

 

There are multiple steps to take in the event of a ransomware attack but, as we all know, the best method is prevention. Installing backup systems such as the 3-2-1 strategy, educating employees about good practice and regularly updating software can go a long way in helping a business to protect itself against a ransomware attack.

 

While hopefully most businesses won’t face the cost of a $300 million loss as Merck did, when faced with a ransomware attack, they can lose sight of common advice and make the damage even worse. By following these steps and taking the advice of IT consultancies to protect themselves in the future, businesses will be able to reduce the damage caused by ransomware attacks.
