How to Respond to Ransomware and Malware Cyberattacks - PC Professional

Cybercrime is a big problem. And big business. And both are getting much bigger.

In the last five years, the FBI Internet Crime Complaint Center (IC3) received 2.76 million complaints reporting up to $18.7 billion in losses. In 2021 alone, there were 847,376 complaints and $6.9 billion in losses reported.

Most of the reported complaints come from California, amounting to over $1.23 billion in losses, followed by Texas with $606 million.

“Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades,” predicts the research firm Cybersecurity Ventures.

They estimate cybercrime damage will cost the world $6 trillion by 2021, double from 2015.

“This represents the greatest transfer of economic wealth in history,” they write, “and will be more profitable than the global trade of all major illegal drugs combined.”

Moreover, according to the Cybersecurity and Infrastructure Security Agency (CISA), 44% of small businesses reported being the victim of a cyber attack, with an average cost of approximately $9,000 per attack.

So the question is …

Is Your Business Next?

This article — the final in our series — will cover:

  • How to respond during and after a ransomware or malware attack
  • How to protect yourself now to prevent future cyberattacks.

Read parts 1 and 2:
Part 1 – It’s Tax Time: How to Protect Yourself from Email Tax Scams
Part 2 – How to Spot (and Block) Email Phishing Scams

How to Respond During a Ransomware Attack

A ransomware attack happens pretty fast, and doesn’t give you much time.

Here’s what typically happens: You click an attachment in a phishing email. The attachment downloads malware which connects to a URL, from which ransomware is downloaded to your computer.

The ransomware encrypts all your files and turns your computer into a brick with a countdown timer that ticks off your remaining time to pay. You probably have a few hours. But during that time, you need to download the Tor web browser and figure out how to buy cryptocurrency, the preferred ransom payment. Then you pay through the browser.

The average ransom is “merely” $1,077, but some attacks have extorted hundreds of millions of dollars in total.

For starters, don’t pay. Only about one-quarter of those who pay get their files back anyway.

Instead, follow these steps:

  • Isolate the infection immediately. As with a deadly contagion, your first priority is to keep the malware from spreading and infecting other devices. Literally unplug the physical machine from your network. Physically disconnect your backup drives if necessary. An infected backup is useless.
  • Notify the system administrator. The person in charge of your network and infrastructure absolutely needs to know ASAP. Your organization should have an IT disaster plan.
  • Restore your system backups. Your backups should get you back in business.

What to Do After a Cyberattack

Once the immediate danger has passed, you need to assess and make changes.

  • Debrief any staff involved. Who was involved? What did they click? And so on. Knowing exactly what happened will help you to …
  • Identify and repair vulnerabilities.
  • Inform key personnel. Top technical and non-technical people in your organization need to understand the situation to plan future cybersecurity strategies and investments.

How to Protect Yourself Before a Cyberattack

You might get lucky, or just be having a good day. You might pay the ransom and be the one in four who gets their files back. Your business might not lose any money. The cybercriminal who did it might get caught and go to jail.

But don’t count on it.

As in most things, an ounce of prevention is worth a pound of cure.

Here are three ways to protect yourself against cyberattacks — and help you recover quickly after one.

1) Education

Not everyone needs to know all the latest ransomware names, virus definitions, and hacker handles. Cybersecurity is a moving target. New threats require new responses in a never-ending game of cat and mouse.

But all members of your organization do need to understand the scale and seriousness of the problem, how to recognize it, and how to respond.

We hope this series of articles has helped you with that, and that you’ll share it within your organization.

The resources listed throughout the series are other excellent sources of cybersecurity news and information.

2) Image and Data Backups

Your saving grace after a cyberattack will be your backups. If you have complete recent backups of your files and disk images, you’re well on your way to bouncing back from almost any disaster. Machines can be reset, but lost files are just lost.

Disaster Recovery as a Service (DRaaS) platforms like Microsoft’s Azure Site Recovery make backup and restoration easy and reliable through features like physically distributed and redundant storage. In addition, Azure Site Recovery can keep your applications running through unplanned outages.

3) Network Security Assessment

Amazingly, many companies don’t notice data breaches for as long as six months. So assessing your company’s security alerts, backup practices, and other measures is critical.

These are the kinds of questions you should be asking:

  • Do you have anti-virus and anti-malware software installed?
  • Is your network behind a firewall?
  • Do your email servers have proper security filters?
  • Have you whitelisted critical applications?

In Conclusion

Cybercrime is an unfortunate fact of life. The size and cost of the problem are only going to grow.

But that doesn’t mean you and your business or organization need to be among the victims.

Be aware, and be prepared.

Our experienced team can help you with cybersecurity. Contact PC Professional to schedule your Network Security Assessment.