Ransomware: How to protect yourself and what to do after an attack

With the vast increase in the number of ransomware viruses, it is essential for companies to protect themselves and take the right steps if they come under attack. Start by not giving in to blackmail.

If a ransomware attack follows data theft, it’s certainly best not to follow in the footsteps of Uber. The well-known American private hire company not only confirmed last month (more than a year after the fact) that it fell victim to a data theft affecting 57 million customers and drivers, but it is also suspected of having paid a $100,000 ransom to hackers.

A spike in ransomware attacks and sky-rocketing ransoms

Uber is a case in point of what not to do, at a time when malware attacks like this are increasing exponentially. Look no further than what happened in May 2017 with WannaCry. This ransomware infected several hundred thousand computers around the world, and rendered their files unusable. To recover them, a message appeared on screens, requiring the payment of a ransom of $300 in Bitcoins, which would double after a few days if not paid.

Joining WannaCry on the long list of similar “extortionist” software programs are Cryptowall, TeslaCrypt, Locky Ransomware, Cerber Ransomware, CTB-Locker and Petya.

Their significant increase over the last few years means that it is more and more likely that users will come under attack. In 2016, according to Kapersky Lab, there was an attack somewhere in the world every 40 seconds! The ambitions of hackers who hide behind ransomware are also increasing significantly: in the United States, the average amount of requested ransoms increased from $294 in 2015 to more than $1,000 the following year (according to a report by a fellow protection organization).

Ransomware risk: a major concern for businesses

A risk such as this cannot be left unchecked. According to a study by Intermedia, this type of cyberattack is considered by businesses as the number two most significant threat (29%), after hardware failures (30%). A study by Ostermam Research also reveals that 79% of French companies with fewer than 1,000 employees say they are worried or very worried about this issue.

Indeed, the annual cost of these ransomware viruses increased from $325 million in 2015 to $5 billion in 2017.

How can you protect your business against ransomware?

Basic security measures do exist, starting with regular updates, using an antivirus software, not opening suspicious e-mail attachments or messages from unknown senders, and regularly backing up to an external drive, whether removable or in the cloud.

But what can be done when these precautions are not taken, or are not enough? First and foremost, don’t pay! Giving in to hackers only serves to encourage these illegal practices. Unfortunately people don’t seem to be heeding this advice, according to an Intermedia study: 59% of employees at large companies (with more than 1,000 employees) who are victims of ransomware, pay the ransom themselves. However, for one in every five payments, the stolen data is still not recovered.

What to do in the case of a ransomware attack

There are several steps to take:

  • Disconnect the machine from the network to limit the intrusion.
  • Keep your computer on and do not try to restart it; otherwise, you could lose information that may be useful in analyzing the attack.
  • Inform the company’s security manager.
  • Find out the name of the ransomware (an old version may have an “antidote” to restore the files). In order to do that, visit the website nomoreransom.org and download the decryption tools that are available for some ransomware.
  • Attempt to restore your data using the automatic backup systems of some operating systems or your own backup system.
  • Recover your files on a storage service such as Dropbox if your computer has been synchronized with this type of service.

Share on

Ransomware cyberattacks often bypass conventional protection on corporate workstations. Because the training your IT teams receive on best practices for digital security may not be enough, Stormshield Endpoint Security provides high-level, proactive protection against today’s digital threats.