Ransomware is top of mind among cybersecurity experts this year. In part, this is because it’s such a pervasive threat: in 2021, 56% of organizations around the world suffered a ransomware attack! Attackers are also leveraging the current hybrid work environment to target organizations in the midst of digital transformation.

As we head into 2022, ransomware will remain at the forefront of cybersecurity concerns. The landscape is troubling:

• Targeted, relentless attacks: We see incidents of a “double extortion” model in which attackers not only demand a ransom to recover critical data, but also pressure victims to pay additional money through targeting efforts and threats to publicly share or even auction your data.

• Steep ransoms: In the first quarter of this year, we’re also seeing especially high payout demands. The average ransom amount paid this year is $1.1 million, and, in one recent attack, a business paid $50 million!

• Emerging threats: We also see dangerous new variants, such as a “twist” on ransomware in which criminals attempt to exfiltrate all needed data before a business even knows it’s under attack. 

Not only can a ransomware attack on your business cost you significant time and money, it can also damage your reputation or, in some cases, shutter your operations altogether. To help you stay secure, we share a few simple “do’s” and “don’ts” to prevent and recover from a devastating ransomware attack this year and beyond.

Ransomware Don’ts

Don't Pay the Ransom: You got hit with ransomware and your data is being held hostage. Paying the ransom may seem like the quick and easy way out, but, most of the time, it's better to not to pay the ransom. First, paying the ransom does not guarantee that you'll get your data back. Doing so could even make you a repeat target, since attackers know that you’ll pay up. Instead of paying the ransom, immediately deploy your incident response plan to keep your business operations afloat. 

Further, the data you pay to recover could be corrupt. In one report, nearly half of the businesses that paid a ransom found that some or all of the data was corrupt or had data integrity issues. You could also suffer a penalty from the U.S. government for paying the ransom. New regulations from the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) mean that some organizations could be fined for paying sanctioned threat actors.  

Don't Click on Email Attachments: Ransomware is frequently deployed using malicious email attachments or links. Educate your employees and users on cybersecurity basics, like not clicking on unknown attachments or links. Often, these scams look like legitimate emails from trusted brands, so it's crucial that you and your staff stay vigilant and know how to spot potentially harmful emails. (For more, here’s five cybersecurity training tips your employees should master.)

Ransomware Do's

Do use security software and endpoint device protection: Anti-virus software can protect your business from the latest malware threats. But keep in mind that employees today are relying on multiple devices to access your network, including work and personal laptops, home desktop computers, tablets, and mobile devices. More endpoints means more points of entry into your network. One report finds that nearly half of all connected devices are vulnerable to medium and high severity attacks. As such, you should also consider a comprehensive endpoint detection and response solution to prevent attackers from entering your network via multiple endpoints. 

Do keep software up to date: Out-of-date software isn’t just wonky, slow, and frustrating for users, it can also put your business at risk. Cybercriminals know about vulnerabilities in your software before you do. Outdated programs open the door for attackers to find these holes. Keep your antivirus up-to-date and continue to patch all software to prevent attackers from exploiting vulnerabilities. Despite the risk, one study found that more than half of the applications installed on PCs were out of date.

Do back up: If you have a copy of all of your data, an attacker can't really hold anything ransom. Now is the time to invest in a robust backup strategy to prevent data loss. Not only will it thwart a ransomware attack, but it will also protect your business from other unforeseen disasters, like a natural disaster, human error, fire or flood, or even another world-changing pandemic. When choosing and implementing a backup solution, keep in mind: 

• Flexibility: Do you want a basic data backup solution for incremental, encrypted backups or do you need a fully-staged and tested virtual disaster recovery solution?

• Automation: Look for solutions that eliminate manual processes and instead leverage automation. Automation also solves for the common challenge of human error.

• Budget: It may be cost-effective to partner with a security expert to develop and deploy a custom back-up solution.

• Consolidation: Avoid a backup solution that requires a lot of different products, which can create silos, wasted space, and unwelcome complexity.

We also recommend you employ a combination of preventative measures to eliminate or reduce the risk of a ransomware attack, including: email gateways, secure VPNs or Zero Trust security, and password management.

We hope this post is a helpful orientation on how to prevent and recover from a ransomware attack. We have one last ransomware do: Do get in contact with N8 Solutions to talk about how to best protect your business from a damaging ransomware attack this year: Call us at (262) 288-1501 or complete this form.