Summary: What is the cost of ransomware, the benefit of a ransomware incident response plan and does paying ransom ever make sense for small businesses?
For a small or midsized business (SMB), few things can be as unsettling as having your hard-earned company data held hostage by cybercriminals. You might believe you’ve invested appropriate time and money in cybersecurity. However, clever hackers invest their own time and money in finding new ways to breach your data and throw your business operations into turmoil. Among their tools, ransomware is one of the most widespread cyber threats.
The two main types of ransomware attacks are crypto ransomware and locker ransomware. Crypto ransomware encrypts your most sensitive, private data and will not decrypt or release the data until the ransom is paid. Locker ransomware locks all your devices until the ransom is paid. Both ransomware approaches are potentially crippling to an SMB.
Q: What is an appropriate ransomware incident response directly following an attack?
A: If ransomware is detected, disconnect infected devices from the network right away to limit spread. Notify your IT provider or cybersecurity specialist and avoid restarting systems unless advised. Preserving system logs and evidence helps investigators determine how the attack occurred and what systems may be affected.
The FBI and most cybersecurity professionals strongly contend that businesses should never pay the ransom for two primary reasons:
Unfortunately, anyone can download ransomware onto a computer without knowing it. By clicking on ads, opening email attachments, clicking links or visiting websites with embedded malware, even computer-savvy users can unwittingly open the door to a ransomware attack. The attack is typically discovered when users try to log on to their computers or find that their files have been encrypted. When this happens, users will encounter a message such as:
WARNING! Your Files Have Been Encrypted! You Have 24 Hours to Pay the Ransom.
The cost of ransomware can be devastating for small and midsized businesses. SMBs generally don’t have the resources to recover from such attacks. It’s estimated that 60% of small companies go out of business within six months of any cyberattack. As ransomware becomes the attack method of choice for many cybercriminals, it is imperative that companies create appropriate ransomware incident response plans as part of their overall cyber threat protection process.
Q: Should a small business pay a ransomware demand?
A: Paying a ransom is risky and generally discouraged because it does not guarantee that files will be restored or that attackers will leave your systems alone. Many organizations work with cybersecurity professionals and law enforcement to explore recovery options such as restoring data from clean backups instead.
Before hiring IT professionals to provide ransomware services, the most basic free protection is embracing a company-wide mantra: “Think before you click!” Users must be trained and retrained to check their impulses to click on links or open attachments without first ensuring they are from trusted sources. In general, instituting mandatory cybersecurity best practices for your employees can help keep your SMB from falling victim to a ransomware attack. However, there are a few other simple measures that can help avoid ransomware:
Many companies are required by law to protect the personal and financial data they collect from clients. If companies have been attacked by ransomware, their clients have also been attacked. For medical and legal practices, safe and secure data is crucial to their reputations. The cost of ransomware attacks can put high-compliance companies out of business and expose them to ongoing legal challenges.
Q: How can backups help ransomware recovery?
A: Reliable backups allow businesses to restore systems and data without relying on attackers. Backups should be stored securely and separated from the main network so ransomware cannot encrypt them as well. Regular testing confirms that backup files can be restored quickly if an incident occurs.
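One way to carry out the regular restore testing described above, as an added example rather than code from the original article: record a SHA-256 manifest at backup time, then compare a test restore against it. The function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (taken at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest and report every discrepancy."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(p for p in manifest if p not in restored),
        "altered": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(p for p in restored if p not in manifest),
    }

def write_file(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample data: a source tree and a deliberately damaged test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = os.path.join(tmp, "source"), os.path.join(tmp, "restored")
        write_file(src, "clients/ledger.csv", b"id,balance\n1,100\n")
        write_file(src, "contracts/nda.txt", b"Mutual NDA draft\n")
        write_file(src, "notes.txt", b"call vendor\n")
        manifest = build_manifest(src)  # in practice, stored apart from the backup
        write_file(restored, "clients/ledger.csv", b"id,balance\n1,100\n")  # intact
        write_file(restored, "contracts/nda.txt", os.urandom(32))  # content changed
        write_file(restored, "UNKNOWN_FILE.txt", b"not in manifest\n")  # extra file
        return verify_restore(manifest, restored)  # notes.txt was never restored

if __name__ == "__main__":
    print(demo())
```

A restore test passes only when all three lists are empty; an altered or unexpected file in a restore is a sign the backup itself captured damaged data and an older backup set should be tested.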
A law firm in Manhattan installed excellent cybersecurity when it opened in the early 2010s. It also had a part-time IT contractor stop by once a month to check its system and handle any problems or needs that might have arisen since the previous month’s visit. However, no best practices were established for the partners, associates and administrative staff. Some employees were more careful than others when opening email attachments or clicking on embedded links.
One morning, the managing partner got to the office and went to log on to the network only to find that the company’s system was locked, and a ransom demand appeared on her screen. The firm was the victim of a ransomware attack.
The company recovered from the attack quickly, but unfortunately, some of its clients’ private data had been breached. Over the next three years, the firm faced multiple lawsuits from those clients and ultimately had to pay considerable damages.
How Can Cybersecurity for Business Prepare You for Ransomware Incidents?
Preparation includes maintaining updated software, training employees to recognize phishing attempts and creating a documented incident response plan. Regular security assessments and backup verification also help. Working with a cybersecurity professional ensures that response procedures are clear and systems are better protected before an attack occurs.
Give us a call if you’re looking for a Manhattan-based cybersecurity provider or contact a small business IT security expert near you to learn more about outsourced IT security and managed cybersecurity services for small and midsized business networks.