Surviving a Ransomware Attack
Ransomware attacks are among the most critical security challenges facing businesses today. The attacks can cause major disruptions, but it is possible to survive one if technical leaders know how to respond.
What is Ransomware?
According to Norton, ransomware is a form of malware that locks and encrypts a victim’s device or data. Cybercriminals use it to demand the victim pay a ransom to restore access.
There are many ways ransomware can be installed onto victims’ devices, including malicious URLs and online ads, infected email attachments, and unintentional downloads.
Some of the common types of ransomware are:
- Crypto ransomware—encrypts sensitive files located on the victim’s computer, such as documents, pictures, and videos.
- Locker ransomware—locks victims out of their computers. Computer functions are disabled, except for keyboard and mouse capabilities that allow the victim to meet the cybercriminal’s demands.
- Scareware—makes false claims about viruses infecting the victim’s computer or device. These claims may appear as several pop-up windows.
- Ransomware as a Service (RaaS)—a dark web business model that helps hackers carry out their attacks.
- Doxware or leakware—extorts victims by threatening to distribute sensitive data if the ransom is not paid. The term comes from “doxing,” which means releasing confidential information over the internet.
Ransomware strikes businesses, organizations, and governments of all types. These entities should be concerned about the impact of malicious software. The IT or cybersecurity team must immediately identify the root cause of a ransomware attack and then proceed to assess, recover, and document the incident.
How to Respond to a Ransomware Attack
A ransomware response plan should fit the specific data at risk and the tools, processes, and resources available for responding to attacks. The steps in the plan include:
- Define the scope of the attack. Determine how much data was affected and what systems were breached.
- Disable affected systems. This can be done by shutting the systems down or disconnecting them from the network.
- Evaluate the extent of the damage. Figure out what was compromised and who was affected. If there are backups, use them.
- Disclose the attack. Follow the organization’s rules regarding disclosure of attacks. If disclosure is required, notify authorities and/or individuals whose personal data was breached.
- Prepare a recovery plan. Design a plan with the input of stakeholders. Create a backup strategy.
- Recover the data. There are several ways to restore ransomware-encrypted files without paying the ransom. One method starts by removing the ransomware, then restoring systems from backups.
- Perform a security audit. Identify the source of the breach to prevent it from happening again. Determine how ransomware entered the systems, whether it was by malware, phishing, remote desktop protocol (RDP) vulnerabilities, or something else.
- Create an incident report. Write a detailed report about the attack and the data and systems impacted. Also include information about steps taken to prevent a similar attack from happening in the future.
Case Study: Joplin, Mo. City Hall Cyberattack
In July 2021, the computer system of the government of Joplin, Mo., was shut down by a ransomware attack. The attack forced Joplin’s insurer to pay an unknown person $320,000 to keep sensitive data from being exposed. The city’s computer servers and programs were closed down for days. Third-party cybersecurity firms were needed to help Joplin recover its information technology systems.
Following the attack, Joplin investigated the incident and worked to strengthen its cybersecurity. The city has overhauled its computer and network systems, including establishing tougher password protocols and virus and malware protection. Additionally, backups are now offsite, and automatic security patches address any vulnerabilities that might affect the city’s computers.
Protect Computer Systems from Cyberattacks
A career as a cybersecurity professional places you at the front lines of defense against cyberattacks. You could help companies secure their computer systems and networks, protecting them from a variety of cyberattacks, including ransomware. The Bachelor of Science degree in Cybersecurity from William Woods University prepares students to enter the workforce equipped to provide solutions to protect information in the face of hackers and growing cybersecurity threats.