Australian businesses were spared from the WannaCry attacks, which affected 200,000 businesses worldwide. Its impact was only recently felt when it infected 55 traffic cameras in Victoria, causing motorists to be incorrectly fined. However, large-scale cyber attacks like WannaCry are not one-off events, and the next big heist could be right around the corner.
Even if you take all the necessary precautions, there’s no guarantee that your business will be spared. In the event that your small business gets attacked by ransomware, following these steps could save you from further stress.
Disconnect the infected computer from your network
Surefire signs that your system has been attacked by ransomware are locked files and a message asking for payment in Bitcoins. When this happens, immediately disconnect the infected computer from all networks, turn off the computer, disable the Wi-Fi, and take your shared drives offline. Until you’ve confirmed the type of ransomware you’re dealing with, it’s best to keep everything offline to prevent it from infecting other computers within your network.
Investigate the source of infection
After you’ve contained the breach, investigate how your system got initially infected. Email and malicious websites are two of the most common infection sources, but there are other ways. To know for certain, ask employees questions about websites visited, suspicious links clicked, and emails opened using the computer where the infection started. Once you’re certain of the source, it will be much easier to know what to do next.
Get professional help
Enlist the help of IT experts who would know how best to proceed. A knowledgeable Network Services provider will be able to identify the specific ransomware strain, determine the encryption tools that should be used, and provide sound advice on your next steps. Once it’s handled by a team of professionals, inform the rest of your staff so they can carry out operations given the circumstances and contribute to damage control initiatives.
Notify law enforcement agencies
It also helps to report the incident to the authorities, as they might be able to refer you to experts who can investigate your case. The Australian Government encourages businesses to report breaches to the Australian Cybercrime Online Reporting Network, a cyber crime reporting and referral service that gathers data on cyber crime.
Update security software and perform backup
It may not be too late for the rest of your devices, so install the latest security patches, perform backups, scan your entire network — including all incoming and outgoing emails — and educate your employees about cyber security.
There may be instances when backing up recent data will prove futile. At this point, your choices will be limited to restoring backups of data or resetting your computers to their factory settings.
Finally, you’ll also have to make a critical decision about paying the ransom.
To pay or not to pay the ransom
While it’s easy to just say no to criminals, every ransomware attack needs to be treated on a case-by-case basis. To help you decide whether or not to pay, consider these two options:
- Paying a ransom
- This might make the most business sense when you don’t have backups and losing your important files could be more disastrous. In such a scenario, paying the hackers, receiving a decryption key, and getting your files back might seem ideal. It lets you resume operations without causing panic to your customers, albeit with a large dent on your budget. Just cross your fingers the thieves are honorable enough to deliver on their promise.
- Not paying the ransom
- While it may seem like an attractive option, paying ransom is not advisable for two reasons: hackers might not provide you with the decryption key as promised and they might demand more money. This could also start a cycle of attacks where you end up being a frequent target because of your complacent reputation. Of course, with reliable backup solutions, things would never get this far.
Businesses that don’t have enough in-house IT resources might be compelled to just pay the ransom because it offers the easiest way out of a very frustrating situation. But there are options. A managed services provider can help with data recovery, or you may search for free decryption tools online. In any case, paying ransom should be your last resort.
Dealing with a ransomware attack doesn’t mean giving in to hackers’ demands. Austin Technology’s Network Security experts offer invaluable assistance in case of an attack and will work with your team in securing all your endpoints. If you haven’t secured your network or deployed any backup, get in touch with us now so we can help you with present and future dangers.