Ransomware. The fact that only top firms make headlines when they are hit may lead some in Main-street businesses to believe that they aren’t targets for hackers. Somehow, non-Fortune 500™ companies are immune from attack because they are small fish. Of course, no one wants to get hit. But, its intelligent people who are worried about it. Savvy people who are informed about it. Prudent people who are doing something to stop it. Smart businesses are doing everything they can to both prevent a damaging infection and address one if they are attacked. We’ve put together a Ransomware Best Practices Checklist to prepare you and your organization before, during, and after a ransomware attack.
You’ve been warned.
BEFORE A RANSOMWARE ATTACK: An ounce of prevention is worth a pound of cure.
Do Everything Possible to Prevent an Outbreak.
- Complete Regular Backups. All data is backed up locally and in the cloud. It is backed up at least daily and better yet every hour or two. The cloud storage is secure and cannot be deleted. Test the entire system every month or two to make sure it is secure and working properly.
- Educate your ENTIRE team about security. And I mean everyone. Discuss some best practices and examples of ransomware hacks that have been in the news. The more people know the more security-aware they are. You can even start using a security awareness training 3rd party (Google it!) that will “test Phish” your team and provide cybersecurity education videos/testing.
- Filter out as many threats as possible. Spam, spyware, malware, viruses, and phishing emails – Use an Email Security and Threat Prevention platform (Google it!) so most of the bad items never even make it to your email.
- Install (THAT MEANS PAY FOR) Advanced Anti-virus and anti/malware – Use something better than generic free anti-virus and make sure it’s running optimally, up to date, AND you’re actually using and learning from its reports.
- Have an End Point Detection platform running to more fully protect your systems. Think of it as your personal AI that is monitoring your computer activity. If it finds something of concern, it will automatically block the activity. Even if you click on something you shouldn’t, this should prevent anything bad from happening.
- Practice good IT Hygiene:
- Local machines DO NOT have administrator rights (so no rogue apps can be installed)
- User access to servers is regulated/limited/reviewed
- Updates are installed at least weekly and critical security ones immediately
- Users are regularly educated
- Backups reviewed and tested
- Someone is on top of all of this and managing everything. Too often it is just handed to someone who does not want it and then it gets ignored.
- Prepare an Incident Response Plan BEFORE an attack. This is a straightforward plan that helps you navigate through the landmine items if you have a cybersecurity fiasco. Just Google it to find a plan template.
DURING A RANSOMWARE ATTACK: Be quick but don’t hurry.
GOAL: Find the virus, isolate it, and, then, and kill it.
- Take a Deep Breath and Stay Calm. Panicking can only make things worse
- Have someone review and follow the Incident Response Plan you created. If you do not have one then divide and conquer. Have one person who is responsible for communicating internally and externally if needed. Have someone else who is working with IT to get the Ransomware infection under control, stopped, and cleaned up.
- Shutdown the affected machines. Unplug from the network, turn off, or shutdown
- Communicate with your users so they are aware of the situation and know it is being addressed.
- Clean up the infection. There is no magic bullet for this.
- Google the strain of ransomware you have to see if there is a tool to clean that.
- Update and run scans for the anti-virus, anti-spyware, and other security tools you have
- Recover from backups if you can to get your data back. Depending on the amount of data that has been affected, this could take minutes to many hours
- Communicate with your users again. The more they know the better. No one likes to be in the dark especially when it affects their productivity
AFTER A RANSOMWARE ATTACK: Dot Your “i”s and cross your “t”s.
GOAL: Recover fast, protect your organization’s reputation, and learn from the attack
- Communicate to your team how it happened and what you are doing to prevent it in the future. Who needs to know? Do you need to communicate with clients, a 3rd party vendor, or a federal authority of any kind? If so do it sooner rather than later.
- Make triple sure the infection is cleaned up and the hackers cannot get in any longer.
- Run multiple scans on all machines to ensure they are clean
- Review all user logins to all systems to ensure they are all real and have appropriate rights.
- Reinstall software or operating systems if you have any doubts
- Run a Vulnerability Scan on your network (from the inside and externally) and address any items that it finds
- Conduct a post-mortem. Determine how the infection happened and refine procedures to ensure it does not happen again.
- Go over the “Before” section of this document and augment anything needed to limit the chance of the infection happening again