How to Protect Your Business from Ransomware

What is Ransomware?  

Ransomware is a type of malicious software (malware) that locks and encrypts a victim's data, files, devices, or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. This malware is typically activated when someone clicks on a phishing email or by exploiting security vulnerabilities, such as using unsupported versions of software. 

Why Does Ransomware Matter?  

The impact of a ransomware attack can be devastating for businesses of all sizes. When affected by this malware, one in five businesses completely cease operations until the issue is resolved, according to a report by Datto. Moreover, the average cost of cyber-attacks for small businesses is approximately $8,300 in one year. Thus, these incidents can impose a significant financial burden. 

Guidance to Reduce Ransomware Risk

While ransomware can be a daunting threat, there are several steps businesses can take to reduce their risk and protect their valuable data and systems: 

1. Back up your data, system images, and configurations: Keep backups offline and regularly test your backup configuration to ensure it's working correctly and disconnected from any business network. 

1. Update and patch systems promptly: Keep your operating systems, applications, and firmware up to date with the latest versions to address known vulnerabilities that ransomware attackers could exploit. 

1. Create and test an incident response plan: Develop and regularly test an incident response plan to help you detect, respond to, and recover from a ransomware attack. This plan should include steps for recovering business operations and a strategy for business continuity while your systems recover. 

1. Double-check your security: Consider hiring a third party to test the security of your systems and identify any vulnerabilities that could be exploited by ransomware attackers. 

1. Consider segmenting your networks: Recent ransomware attacks have involved attackers simply disrupting operations, thereby causing general systems or major applications to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). This can be costly and devastating for small businesses. 
   

Responding to a Ransomware Attack  

If your business falls victim to a ransomware attack, it's crucial to act quickly and follow these steps: 

1. Quarantine the affected machine: Disconnect the infected machine from the network and turn it off immediately. Ransomware can spread rapidly and affect multiple computers. 

1. Notify local law enforcement and your local FBI field office: Report the incident to the appropriate authorities, as they may be able to assist with the investigation and provide guidance. 

1. Contact your insurance agent: If you have cyber insurance, notify your agent and follow their instructions for filing a claim. 

1. Inform employees and customers: Communicate transparently with your employees and customers about the situation and provide updates as the incident is resolved. 

1. Regain access to your data: Attempt to restore your data from backups or abandon the data if backups are not available. Another option is to pay the ransom, but there is no guarantee that you will regain access to your data even after payment. 
   

While paying the ransom may seem like a quick solution, it's important to note that this approach does not guarantee the recovery of your data, and it also encourages the attacker's criminal behavior. This is why, in many cases, it is against the law to pay the ransom. 

*Informative video by the NIST: NIST – Protecting Your Small Business: Ransomware video 

By following these guidelines and taking a proactive approach to cybersecurity, businesses can significantly reduce their risk of falling victim to ransomware attacks and mitigate the potential impact on their operations and finances.