The Effects of Ransomware: What Should You Do if Your Data is Compromised?
In 2021, ransomware attacks rose by 62% worldwide and 158 percent in North America. After ransomware attacks on major organizations such as Colonial Pipeline, JBS Foods, and others made headlines last year, more businesses than ever are reviewing their cybersecurity practices to shore up defenses and protect their data.
Most organizations, regardless of size or industry, will be the victim of one or more ransomware attacks. IT systems are the foundation of a business and any downtime from ransomware attacks or viruses can lead to business disruptions, lost revenue, or even lost customers. It’s critical to be prepared for an event such as this, while hoping it never happens.
What is Ransomware
The U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) states: Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.
What does this mean for you? Hackers will take advantage of the weakest points in your security system to steal your data or lock files. They will not give you the key to access your system or return the files unless you have paid their ransom, and this is usually in cryptocurrencies so they can maintain their anonymity.
What Industries are Affected?
No industry is safe from attack, and every computer file is at risk of being encrypted, according to ISACA. The usual targets are mapped network drives, which best practice today is to no longer use, as there are newer and safer protocols that can replace the SMB protocol. An article from November 2021 reported that SonicWall expected to record 714 million attempted ransomware attacks by the close of 2021, a 134 percent increase over 2020 totals.
Security must be top of mind for all companies of every size and industry, all of whom need to invest in technology to shore up their defenses and implement safety procedures everyone needs to follow within the organization.
What can you do if your data is compromised?
There are many steps to complete and implement when a breach occurs. Consider having a plan already in place so that should this happen to your company, you can immediately spring into action and take the critical steps to resolve the breach. As an example, you can visit the Federal Trade Commission (FTC) for a full breach planning roadmap, also loosely outlined in brief herein:
- Move quickly to secure your systems and fix vulnerabilities that may have caused the breach, including physical areas that may have been affected
- Change codes and quickly mobilize a response team consisting of legal, IT, human resources, investors, communications, and others, to prevent further breach attempts and data loss
- Consider hiring independent forensic investigators to help you determine the source and scope of the breach
- Talk to your legal counsel who can advise you on federal and state laws that may be implicated by a breach
- Stop additional data loss. Take all affected equipment offline immediately — but don’t turn any machines off until the forensic experts arrive
- Remove improperly posted information from the web
- Search for your company’s exposed data to make sure that no other websites have saved a copy. If you find any, contact those sites and ask them to remove it.
- Interview people who discovered the breach.
- Document your investigation
- Do not destroy any forensic evidence during your investigation and remediation.
- Work with your forensics experts
- Find out if measures such as encryption were enabled when the breach happened
- Analyze backup or preserved data
- Review logs to determine who had access to the data at the time of the breach.
- Have a communications plan
- Notify appropriate parties such as law enforcement and affected businesses and individuals
- Determine your legal requirements - Check state and federal laws or regulations for any specific requirements for your business
How do you protect yourself in the future?
Here’s a look at steps you can take now to mitigate the risk of ransomware attacks. Follow these steps and make sure everyone within your organization is taking security measures seriously:
- Require multi-factor authentication (MFA)
- Implement network segmentation
- Scan for vulnerabilities and keep software updated
- Implement endpoint detection and response tools
- Limit access to resources over the network, especially by restricting protocols such as SMB and RDP
- Secure user accounts
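
One way to check the SMB and RDP item in the list above is to audit inbound firewall rules for those ports being allowed from broad source ranges. The following is an added example, not part of the original article; the rule format, the sample rules, and the 256-address threshold are assumptions constructed for illustration.

```python
import ipaddress

# Ports for the protocols the list singles out: SMB (445, legacy 139) and RDP (3389).
RISKY_PORTS = {139: "SMB/NetBIOS", 445: "SMB", 3389: "RDP"}

# Constructed sample of inbound rules (hypothetical export format, not a real tool's output).
SAMPLE_RULES = [
    {"name": "file-share-any", "source": "0.0.0.0/0", "ports": "445", "action": "allow"},
    {"name": "rdp-from-jump-host", "source": "10.20.0.5/32", "ports": "3389", "action": "allow"},
    {"name": "rdp-office-wide", "source": "10.0.0.0/8", "ports": "3380-3400", "action": "allow"},
    {"name": "web", "source": "0.0.0.0/0", "ports": "80,443", "action": "allow"},
    {"name": "block-netbios", "source": "0.0.0.0/0", "ports": "137-139", "action": "deny"},
]


def expand_ports(spec):
    """Turn a spec such as '80,443' or '3380-3400' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules, max_hosts=256):
    """Return (rule name, protocols, source) for allow rules that expose
    SMB or RDP to more than max_hosts source addresses (assumed threshold)."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        # Port ranges can hide a risky port, so expand before comparing.
        exposed = sorted(expand_ports(rule["ports"]) & set(RISKY_PORTS))
        if not exposed:
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.num_addresses > max_hosts:
            findings.append((rule["name"], [RISKY_PORTS[p] for p in exposed], str(net)))
    return findings


if __name__ == "__main__":
    for name, protos, src in audit(SAMPLE_RULES):
        print(f"{name}: {'/'.join(protos)} reachable from {src}")
```

The jump-host rule passes because its source is a single address, while the range rule is flagged even though 3389 is never written out in it.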
Preparation is key for the security of your business and your precious data. If you have not already done so, act now to protect your assets, and stay abreast of real-time news and information concerning cybersecurity and ransomware attacks.
About the author: As CIO at VAI, Kevin Beasley oversees both the corporation’s technology strategy in conjunction with product development and the internal information technology initiatives that support the goals of the company.
Kevin is hosting a very special cybersecurity webinar on Feb. 15th together with Guest Speaker, R. S. Richard Jr., Cybersecurity Advisor, from the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency. Register today.