Ransomware Dos and Don'ts

Ransomware is everywhere. From home users to major universities to local governments—even massive tech firms like Apple—all kinds of organizations are being attacked. And these attacks are becoming ever more frequent and highly targeted. Ransom demand costs soared to nearly $75 million in 2020 according to Emsisoft. And IT Canada says ransomware figures could be four times higher than we think due to underreporting. Your business will very likely encounter ransomware and when that day comes you need to be prepared. Below are a few things you should and shouldn’t do when it comes to ransomware.

The Don’ts

• 
  Don’t hesitate
  There’s a good chance your users have ransomware emails in their spam folders right now. Don’t delay when it comes to making and implementing a plan.
• Don’t pay the ransom
  According to Sophos, 92% of those who pay ransomware ransoms don’t get all their data back. Even if you’re one of the lucky ones who does get your data back, many cybercriminals will copy and sell the data they harvested to make even more cash. Don’t pay unless it’s your only hope, and even then, consider any payment you send may still not get your data back.
• Don’t assume users know how to avoid ransomware
  Your users might be familiar with ransomware in concept, but they might not know how to spot phishing emails or avoid them.
• Don’t assume your firewalls, spam filters, and antimalware will work perfectly
  Ransomware attacks are becoming more sophisticated and targeted, meaning a seemingly innocuous email can sneak through and infect any machine. You need more protection.
• Don’t assume ransomware attacks will decline
  Though leaders in Washington are pushing for new policies to help slow ransomware, you should protect yourself now rather than assume legislation will help anytime soon.

The Dos

• Educate your users
  Host formal cybersecurity training, test users via fake phishing tools and even require that users take online courses. Whatever you do, you must help your team understand their role in preventing infections. You’ll find some helpful training tips in this post.
• Invest in a solid backup and disaster recovery solution
  If your data gets infected you have two options: pay the ransom and hope you get your data back or accept that your data is lost. That is, unless you’re taking regular backups. Find a reliable backup and disaster recovery solution so you can restore a backup taken before a ransomware infection.
• Store backups offsite
  If ransomware locks up a network drive containing your backups, you won’t be able to recover. Be sure to store copies of backups at an offsite location at the very least, and in the cloud, too, as a failsafe.
• Report incidents to authorities
  As noted, ransomware numbers could be four times higher than we think because attacks aren’t always reported. If you have an incident, report it to the FBI.  
• Get a cybersecurity insurance policy
  If you take the correct precautions, you should be able to prevent ransomware intrusions with minimal data loss. But what if you can’t? We have already suggested that paying ransoms doesn’t always resolve the attack, but the sad fact is that some businesses feel they don’t have a choice. More and more frequently, however, it’s not the businesses paying the ransom, it’s their insurance company. That could be a smart choice for your business. With a cybersecurity policy from an insurance carrier, you have one final option for some level of recovery, if only financial. Most carriers offer affordable plans.

Conclusion

Ransomware is a huge issue because it works for cybercriminals. Ransomware-as-a-service offerings make it easy for even a novice to execute a ransomware attack. But if businesses and end users take more precautions, ransomware is less likely to succeed. That could lead to attacks slowing down and, with a little luck, ransomware becoming less of a problem. Take time this week to evaluate whether your ransomware protection is up to snuff. This will help you protect your data while also ensuring that you have a solution in place before you need it.

If you need a bulletproof plan for avoiding ransomware, talk to a StorageCraft sales engineer. They’ll share some strategies and solutions that will help you avoid ever paying a costly ransom.