Ransomware has become a particularly popular form of cyber attack in recent years. It is nearly impossible to trace, has a direct monetary payoff for the hacker, and has a high likelihood that the victim will pay the ransom. Because of these factors, it is incredibly difficult to completely stop ransomware from occurring. There are even such programs as “Ransomware as a Service” (RaaS) which grants fledgling hackers everything they need to launch a ransomware attack. Odd as it may sound, some of these services even have customer service representatives to assist hackers with using their product. It’s a big business, but there are things you can do in your own IT environment to stop ransomware or at least protect yourself.
Responding to a Ransomware Attack—without Data Backups
If your environment is struck by a ransomware attack, there are few options available to you. Ultimately, you must decide whether to pay the ransom or wipe any locked-down elements in your data center. Regardless of your final choice, take the following actions as soon as you discover your environment is affected.
- Report the attack to law enforcement. They may not be able to provide much assistance, but it is important to make an official record of the attack.
- Disconnect infected computers and servers from the rest of the network to prevent the virus from spreading further.
- Use a malware detection and removal tool to stop ransomware from continuing to corrupt your environment and remove the virus from your network. This will not remove the already encrypted files, but it will destroy the source.
- Decide whether encrypted files can be deleted or the ransom should be paid. If you decide to pay the ransom, purchase the requisite amount of bitcoins and deliver them as per the hacker’s instructions.
- As a side note, ransomware hackers do tend to deliver the decryption key once paid. It doesn’t always happen, and some hackers fail to follow through after receiving their money. However, many of them provide the decryption key to ensure that future victims take them seriously.
Stop Ransomware—with Data Backups from Carbonite
An organization’s response to a ransomware attack has a completely different ending if the organization employs a robust data backup strategy. Using the cloud and on-prem backup capabilities of data backup developers, such as Carbonite, the organization can establish a data backup schedule that regularly stores copies of their environment on-prem for quick access as well as in the cloud for archival purposes. With these backups in hand, an organization has the opportunity to fight back against and ultimately stop ransomware attacks.
With data backup from Carbonite, your company would still perform steps 1-3 above as normal, but instead of paying the ransom to decrypt files, IT can simply delete them and restore the files from backups.
Data Backup: A Net Positive
Granted, depending on the particular backup strategy of the organization, the company may still lose some data. If the most recent backup was from last week, the company would unfortunately lose any data created in the interim. However, they would still avoid the reputational damage of being hacked, the cost of the ransom, and the opportunity cost of time wasted capitulating to a hacker’s demands.
All in all, a well-developed data backup strategy is key to a company’s ability to stop ransomware.
For Further Reading: