Businesses Beware of Ransomware

July 31, 2024

Bank Iowa Businesses Beware of Ransomware

It’s hard to go a day without hearing of another high-profile ransomware attack. Yet, headline-making incidents are only a small portion of the attacks levied against businesses across the globe.

Small businesses are especially vulnerable, as bad actors are drawn to systems that are comparatively less prepared for a cyberattack. In 2023, at least 75% of the cases handled by incident response firm Sophos were for small businesses.

How Ransomware Attacks Happen

Ransomware actors have several methods for downloading malicious software onto a victim company’s network. The most common is a phishing email sent to an employee who opens an attachment or clicks a link.  

Once the ransomware is installed, it connects to a server to send the bad guys information about the good guys’ system. The server sends back instructions, and the ransomware encrypts files on the victim’s computers, networks and even cloud storage.

Shortly thereafter, the victimized company receives a ransom demand from its attacker. If the ransom is paid, the company receives a decryption key to unlock its files. Of course, criminals are what they are, and they don’t always hold up their end of the bargain.

How to Minimize Ransomware Fallout

Prevention is key. However, given the proliferation of ransomware-as-a-service solutions, it’s easier than ever for criminals to pull off these schemes. The better move may be to focus on minimizing the fallout of what some in cybersecurity circles consider inevitable attacks.

Hands down, the best way to reduce the impact of a ransomware attack is to have a thorough and consistent file and software backup strategy. That way, you are not beholden to the whims of your attacker.

Importantly, backups should live outside of your network so a hacker can’t lock them up right alongside the original files.

What to Do if You’re Attacked

It’s a best practice to have a ransomware response plan in place and understood among those team members most likely to be in a decision-making position when an attack occurs. Having a plan prevents panic and the unwise decisions that often accompany it.

Common strategies found in ransomware response plans include:

Immediately disconnect devices and systems from the network. This can prevent malware from spreading.

Compare encrypted files to backups. Look for any gaps to understand the full scope of the attack and its potential ramifications.

Avoid paying the ransom. Making ransomware attacks profitable for the criminals only exacerbates the problem. And, there’s no guarantee they will respond with the decryption key.

Contact an incident response partner. Proactively partner with a cyber incident recovery provider to have an expert available at the first sign of a problem.

Call the cops. Law enforcement has been investing greater time and attention into the pursuit and capture of ransomware crime rings. Your incident may be a helpful data point for their investigation.

Call your bank. Unless there is an immediate need to consult with your financial institution, this can wait until things have calmed down. However, ransomware actors not only encrypt files but also read them. This may give them access to things like financial account numbers and accounting system login credentials. If your bank knows about the increased risk of financial fraud, they may be able to layer on additional safeguards.  

Debrief. After the incident is resolved, review what happened, document lessons learned and prepare next steps to make the next attack easier to prevent or weather. It’s a widely held belief that a company that is successfully attacked once is more likely to be attacked again.

For more best practices, check out the FTC’s tip sheet, “Cybersecurity for Small Business: Ransomware.”