By now, you’ve undoubtedly heard of the dangerous form of malware known as ransomware. This form of malware disrupts business not by stealing information, but by making it impossible to access information via the infected machine. In most cases, the hackers holding your machine hostage request a ransom payment in exchange for restoring access to your files.
While ransomware is by no means a new threat to business, it’s a growing one. In the past year alone, the number of ransomware attacks on businesses has quadrupled; in one survey, the number of attacks on businesses in just the months of July and August 2016 was higher than the total number of attacks in all of 2015. And these are just the attacks that we hear about.
Cybersecurity experts suspect that the number of victims of ransomware attacks who simply pay the ransom and move on is much higher than the number of reported attacks, and that alone makes these attacks an even greater concern for those charged with securing networks and data against unauthorized access. In short, it’s quickly becoming not a question of “if” a company will be targeted, but “when” it will happen.
So when your files are encrypted by ransomware, what should you do? Because the spread of ransomware is comparatively new, there is still a lack of consensus about how to respond, but in every case, you have to do something.
Responding to the Attack
If you are hit by ransomware, do not panic. While some of these infections claim to come from law enforcement in response to supposed illegal activity, that’s never the case.
More often than not, the ransom requested is a relatively small amount, typically $1,000 or less. In some attacks, the hackers have even requested payment in the form of gift cards. Regardless of the amount of the ransom, though, you typically have two options: Pay it, or attempt to remove the malware from your machine and restore access to your files.
Until recently, the most common course of action was to pay the ransom; in fact, in most cases even the FBI recommended simply paying it. This can have some benefits, namely restoring access to your files sooner, but at the same time, paying isn’t always a guarantee that you’ll regain full access to your files or that they haven’t been corrupted. Paying the ransom also doesn’t preclude the attack from happening again.
However, cybersecurity experts now say that paying the ransom is actually the last thing you should do. Because these attacks tend to be rather unsophisticated in comparison to other malware, you may be able to get rid of the malware easily. For starters, turn off your computer, and disconnect it from the network or Wi-Fi, which could possibly stop the attack in its tracks.
If that doesn’t work, restarting your machine in safe mode and restoring your files from a recent backup could possibly take care of the issue. If neither of those methods works, your security software may include a ransomware removal tool or other resources that can help you remove the malware and restore access without shelling out the ransom.
The Big Question: Is It a Breach?
One of the major concerns about ransomware isn’t necessarily about stopping or removing it, but what companies have to do in terms of reporting after it takes place. There is a great deal of discussion taking place as to whether a ransomware attack actually constitutes a data breach and therefore needs to be reported, particularly in cases where the victim is an entity covered by regulations such as HIPAA.
While the Department of Health and Human Services recently released guidance stating that a ransomware attack should be treated as a breach, the FBI and other experts argue that since ransomware doesn’t actually expose or release data, it does not fall under the same reporting requirements. In fact, in most circles, an event is only considered a breach if there has been a confirmed disclosure of data; otherwise, it’s only considered an incident.
That being said, the fact that ransomware is becoming such a problem is indicative of the need for companies to prepare for a potential attack, including developing a backup strategy that includes multiple backups with at least one copy stored off site, a contingency plan for operations should the network be compromised, and strong security protocols and tools in place to block the malware from taking hold in the first place. By recognizing the risk and preparing to address the issue, you can prevent ransomware from harming your business.