Hackers don’t take a break over the festive season – Pay or don’t pay? How to respond to ransomware…
As the number of hacks and cyber attacks continues to rise, protecting the systems and data your business relies on is more important than ever. An increasingly common type of cyber attack is ransomware, which can have an instant financial impact as well as long-term consequences for the infected business.
The concept behind ransomware is simple. Hackers encrypt the files, folders and drives on a device and then demand that a ransom be paid before they restore access to them.
Ransomware is cheap to deploy and widespread, so even if only a few victims pay, attackers will likely make a handsome profit. As such, cyber criminals attacking in this way will typically take a “scattergun” approach in targeting their victims.
Being attacked by a ransomware hacker is financially damaging for a business, and if it’s handled badly, the damage to your company’s reputation can be irreparable.
Here’s what to do if your business is attacked:
Identify the weakness: Ransomware most often gets into a system through a malicious link or email attachment. In most cases it will only affect the device it was opened on; however, in some cases the entire network can end up infected.
The first step after an attack is to find the device that was infected first and work out if other suspicious emails have been opened on other devices. The sooner you find the source, the quicker you can act.
Disconnect your device: After infiltrating one device, ransomware can spread quickly through the network, so it’s important to remove the infected machine from the office network straight away.
Notify the authorities: It’s important to notify the relevant authorities of a breach as soon as possible. But be aware that Australian laws are ineffective in the case of the perpetrator residing in another country. Checking the Australian Police website, www.afp.gov.au/cybercrime, will tell you that unless your attacker is operating from within the country, the police can’t really help you. And if you have business contacts of any kind in the European Union, you must inform the EU Information Commissioner’s Office within 72 hours, or face a significant fine.
Inform employees and customers: It’s important to be transparent in the event of a breach. Employees should be made aware of it immediately and the actions that you are taking to resolve it. You should also let your customers know that their data may have been compromised in a ransomware attack. Customers will respond better to your business if they hear this news from you, rather than from the media.
Update your security: Once the incident has been resolved, it’s important to audit and update your IT systems. This can be a significant financial investment, but it’s important to ensure your data and your company’s reputation stay intact.
Don’t pay the ransom: A few years ago the number of ransomware attacks increased as cyber criminals realised that a lot of people were paying up, and that they could make a significant amount of money for little effort. Worryingly, research found that one-third of companies believed it’s more cost-effective to pay the ransom than to invest in a security system!
Be prepared: Before it happens to you, set up systems to repel online intruders and safeguard your IT security. Have a plan in place detailing the procedures you will follow in the event that your business is attacked by hackers.
We’re no strangers to the subject of cybercrime, and we will always be happy to share our knowledge with you. Talk to us about your cyber weak spots and ways we can help you protect your business and – if the worst happens – how we can help you with one of the growing number of cyber insurance policies that are available now in the market.
Cyber insurance can cover ransomware as well as many other potential attacks on your business IT and systems. Better an ounce of prevention than a world of pain.
This article originally appeared on Adroit Insurance & Risk Blog and has been published here with permission.