What To Do If Your Business Experiences A Ransomware Attack

Across Australia the risk of businesses and individuals becoming victims of a ransomware attack is becoming a more common occurrence. Unfortunately, ransomware attacks have become a genuine threat to everyone from large enterprises, small businesses and even home users who have no professional or government involvement. 

It’s almost inevitable that every business owner will encounter a ransomware attack at some point in their professional career, with at least 53 percent of businesses being open to a supply chain attack.

One study discovered that Covid-19 saw an increase of 521 percent in malicious emails between the months of October 2021 and January 2022, boosted by the saturation of remote workers and the need for remote services.

Businesses need to be more informed and aware and more prepared for the repercussions associated with being a victim of a ransomware attack.

What happens when there is a ransomware attack on your business?

Even when it feels like you did absolutely everything right, ransomware attacks can still occur sometimes at what seems to be the worst possible moment for you, financially or reputationally.

It is unfortunate for critical data; businesses might feel like they have no choice but to pay the ransom if business operations are severely hindered by the attack. It’s important for every organization to speculate that the data won’t be decrypted even after the payment or that the data might be corrupt. Payment also doesn’t necessarily mean everything will go back to normal. After all, these are cyber criminals who have no regard for the law or their victims’ businesses. Data decryption also takes time, which adds a risk of the data being corrupted by the time it’s accessible to the appropriate hands.

On top of this, paying the ransom acts as a form of positive reinforcement for criminals and will motivate them to attack additional infrastructures and seek out further victims. For the attackers, risks are low, rewards are high, cost of attack is usually negligible. So, it is usually a better option if there is an opportunity to avoid paying the ransom and cut the losses. Quite often, the recovery cost may be comparable with the criminals’ demands, and then it is a no-brainer, taking into consideration the risk that paying the ransom will not help bring the data back.

For businesses who are concerned about being victims of a cyber attack there is one extremely important step many businesses don’t consider after the attack. It’s critical to investigate the source of the ransomware attack and address the issue. If it’s an employee clicking on a risky link, train your employees better in identifying phishing attacks and remind them to keep a safe password that only they know, such as a passphrase.

It is also important to invest in a two-factor authorization software for all devices and employees. Update all your software and hardware regularly, and improve your cyber security infrastructure to keep up with the evolving blows attackers throw your way. Also, configuring your network regularly can intercept malicious traffic and make it harder for criminals to target your organization. If there are gaps in security, they should be addressed. Every security incident is an opportunity to learn more about the vulnerabilities of the infrastructure and improve the security posture. Security is a process, a process of constant improvement, tests and validation.

It is important to make sure that your business has several reliable backup solutions in place to protect your organisation. A ransomware attack can switch from being a devastating blow to a mild inconvenience for businesses with the right backup solutions installed. Good backup should provide built-in security, the ability to patch the systems on restore to prevent reinfection and the ability to provide digital forensics to investigators. As mentioned before, each attack is a source of learning for future improvement, but to learn, you need the data. Forensics can also help to bring the criminals to justice, but without a copy of the data, I’ve observed that it is rarely possible to conduct a thorough investigation.

By playing it safe and following all these steps you can greatly reduce the risk of an incoming ransomware attack while ensuring your business won’t suffer greatly if one slips through the cracks despite your best efforts.

However, it is unfortunate that cyberattacks will never go away. Criminals are intelligent and able to adapt, no matter how quickly cyber protection companies act and release new software and updates to protect businesses from being attacked. The best course of action is to take preventative measures with antivirus, vulnerability assessment and patch management software, and make sure to have a solid backup in place. Mitigating damage to a minimum is a realistic and tangible goal with the right cyber protection solution.