Ransomware Alert: What to Do if Your Systems Are Taken Hostage

Ransomware Alert: What to Do if Your Systems Are Taken Hostage

It’s one of the scariest risks a business owner can face. Rogue hackers gain access to your computer system and data, lock you out, and hold your data hostage until you pay a ransom.

It sounds like science fiction. But ransomware attacks have grown into a global threat, with devastating consequences for the victims. They disrupt operations, compromise data, jeopardize customers and suppliers, and create a serious financial burden. And not only large corporations and government agencies are at risk. Midsized businesses, smaller businesses, and even home networks are increasingly being targeted. According to FBI statistics, an average of 4,000 ransomware incidents occur every day, at an annual cost of $1 billion.

How Does Ransomware Work?

Hackers find a vulnerability in an organization’s system and install malware, virtually taking control of their systems and “stealing” their files. In many cases, hackers gain access to your systems when employees unknowingly click on an email link.

The hackers then demand a monetary ransom to return or restore the files. They might ask for a nominal amount, or they might demand millions of dollars, and business owners are forced to either pay or figure out how to recover their systems and data on their own.

What If It Happens to Your Company?

If the unthinkable happens, how you respond is critical. Never try to handle an incident alone. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released an in-depth guide with recommendations for reducing your risks and a step-by-step checklist for how to respond. Here are some basic steps to take if it happens to you:

  • Report It. Any ransomware attack should be reported to the FBI. Contacting the local field office and the Bureau’s Internet Crime Complaint Center.
  • Contain It. Determine how widespread the attack is and which systems are impacted, and immediately isolate those systems. Work with your IT team to determine the appropriate actions, e.g., taking the network offline, disconnecting individual systems, or unplugging or shutting down devices. Be careful to preserve any evidence for law enforcement to investigate.
  • Go stealth. After an attack, hackers often monitor an organization’s communications and response. Avoid tipping off the hackers to your mitigation efforts. Communicate with all stakeholders about the attack through phone calls and other off-network communications.
  • Call Your ISP. Even if the breach wasn’t at your internet service provider’s level, hackers had to go through them to get to you, so your service provider needs to know so they can take action to protect other customers.
  • Restore Backups. You do have backups in a safe location, don’t you? Hopefully, you have a robust backup system and can restore company files while simultaneously handling the ransomware situation. You may need to work with an IT company to keep your backups safe from the hackers.
  • Contact Stakeholders. For ethical, safety, and liability reasons, it’s important to let your customers, investors, and other stakeholders know quickly if the company’s data has been compromised.

Minimize Your Risk

Before your organization becomes a victim of ransomware, take measures to reduce your exposure:

  • Stay informed of the latest cyber threats with sources such as BleepingComputer.com, your local authorities, your internet service provider, and the FBI.
  • Have a cyber incident response plan that includes a ransomware response checklist.
  • Ensure you have robust antivirus software installed and up to date across all endpoints.
  • Provide frequent security awareness training to employees on phishing tactics and other cyber dangers.
  • Keep data backups in the cloud and/or at a separate location from your main facility.

The federal government also offers a guide with best practices and mitigation strategies to help private entities and government agencies prevent and respond to ransomware attacks.

Ready to Talk About Cyber Insurance?

Wilson, Washburn & Forster is a boutique independent insurance agency that has been in business since 1961. We have expertise and connections in the commercial and cyber insurance markets and can also help customize the right mix of coverage to protect against the unique exposures of your business. You will find that our experience, claims handling, service, and community commitment is unrivaled.

Contact us today at 786-454-8384 for a complimentary analysis of your current insurance program by an insurance specialist in this field.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Your Free Quote Today

WebME Technologies