Cyber criminals are becoming more successful with ransomware attacks because many businesses do not realize how the virus encrypts their files. The virus is introduced into a business computer system via a “phishing” email. These emails may appear to be from clients, customers, or other businesses to entice staff to open them. Once the email is opened, the virus spreads through that computer and any other computers on the network. Files, documents, data, and images are suddenly encrypted which locks people out of the business system. A demand for payment is presented in exchange for the decryption key.
Businesses will often pay the ransom because they cannot continue to do business until the virus is eradicated. The key may, or may not be released after the first payment because some criminals demand further payments. Training and educating employees on IT safety and how to recognize phishing emails are ways to reduce the risk of ransomware attacks. Another way is to have a risk assessment completed on the systems. So many business owners think they have secure networks, only to find out during an assessment that there are several weak spots in the system. Do not wait until the system is attacked to discover holes in security. Being proactive can help protect the business from attacks. Limiting access to files and databases will also reduce the likelihood of an attack.
Once an attack has begun, there is very little the business can do to improve the situation. In order to keep the virus from spreading, isolate infected machines and disconnect them from the network. It is also wise to close shared network drives. Those actions will not stop the virus, but can contain the damage. Paying the ransom is no guarantee that the files and data will be fully restored. Information may be damaged or lost. Consulting with ransomware experts as soon as possible is the best hope of restoring data and eradicating the virus. Damage control for future attempts at hacks or attacks can be increased by backing up data in more than one format. Flash drives, secured servers, cloud storage, and off-premises backup can be mixed and matched to ensure data is accessible at all times.