Ransomware has been one of the top cyber threats in the past several years. Thanks to the WannaCry attack of 2017 and others, most people have heard of this type of cyber threat, but many do not know how it works, how to protect against it, or what to do if they are infected.  Here are some suggestions to include in your overall cyber risk management plan to help your business prepare for and respond to a ransomware attack.

What It Is

Ransomware is a form of malicious software (malware) that blocks user access to a device or files, usually by encryption, until the victim pays a ransom.  Once a victim’s files are encrypted, attackers display a screen or webpage that explains how to pay the ransom (in digital currency, such as Bitcoin) and unlock the files with a decryption key. Although it has been around for decades, ransomware has become increasingly prevalent, and with so many variants available, it can now be purchased on a subscription basis (Ransomware-as-a-Service), allowing even novice cyber criminals to launch attacks.  Ransomware is often delivered through phishing emails, or through exploit kits used by hackers to exploit software vulnerabilities (such as when a victim visits a compromised website), or through “free” versions of software.

How To Avoid It

Here are some steps your business can take to reduce its risk:

• Install reliable anti-malware software on your system with specific features to combat ransomware attacks.
• Keep all operating systems and other software up to date, including anti-malware software. Installing regular updates is key, since cyber criminals look for software vulnerabilities.
• Have an effective business continuity and disaster recovery plan and practice it regularly.
• Back up your business’s data on a regular basis. This can be accomplished using external drives not connected to your main system or through a cloud service provider. Backups should also be periodically tested to ensure the backup process functions properly and data is not corrupted.
• Practice good cyber hygiene. As discussed above, cyber criminals use social engineering techniques such as phishing emails to introduce ransomware.  Avoid suspicious emails, links, and attachments which can contain malicious code, and be wary of unexpected emails.  If necessary, scan the email attachment through an anti-malware program before opening it. 
• Consider implementing “least permission” protocols. This means limiting access to files and network locations based on users’ “need to know.”
• Consider purchasing cyber liability insurance that has ransomware coverage. Insurers offering this coverage will also typically be able to offer or recommend technical assistance in the case of a ransomware attack.

 What To Do If You Are Infected

If you are unfortunate enough to become infected, time is of the essence and you should act quickly to minimize damage.

• Disconnect the original infected computer from the network, including turning off wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB drives.
• Assess the scope of the infection by determining what resources the original computer had access to, such as network drives, external hard drives, cloud-based storage, etc.
• Determine the type of ransomware causing the infection.
• Contact legal counsel. You may also decide to contact law enforcement.
• Determine your response based on your particular situation. Experienced cybersecurity consultants can assist with formulating a response. You may decide to: restore your data from backup locations, negotiate or pay the ransom, decrypt the files using a third-party decrypting software tool, or do nothing and possibly lose a portion of your data.

While no amount of planning can completely eliminate cyber risk, understanding how ransomware works is an important part of any business’s cyber risk management plan.