Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Stephen Jones
Table of content
Walking in to a ransomware splash screen on your organizations’ computers can be terrifying; and trust us, ransomware attacks are designed to terrify. Often times untraceable bitcoin payments are involved (and sometimes even extortion demands) in order to gain access to your computer, sensitive files, or network.
Ransomware attacks are currently considered by many reports as the top cybersecurity threats, and for good reason. Not only is data theft a profitable industry, costing companies on average $761,106 per payout, but attackers have taken things a step further by publicly disclosing sensitive data on leak sites.
If you discover ransomware in your system, the most important thing to do first is not to panic. Taking the right steps as soon as you think an attack is underway can have a positive impact on the cost to your organization (cost and reputation).
Once you’ve been hit with ransomware, mitigation is key. We’ll review the following Dos and Don’ts below:
Step 1: DO isolate network traffic to mitigate the risk of continued adversary activity.Step 2: DO NOT turn off servers until you are certain they have not been affected by ransomware.Step 3: DO verify the state of business-critical system backups and make an offline copy of these backups.Step 4: DO contact legal counsel and inform them of the situation.Step 5: DO NOT try to “clean up” the ransomware without professional assistance.
“80% of victims paid the ransom, but many still could not recover” (Veeam 2023 Ransomware Trends Report)
“80% of victims paid the ransom, but many still could not recover”
Ransomware is a form of malware (malicious software) that threatens to publish a victim’s data, or prevents access to their systems or personal files unless a ransom is paid. Files may be encrypted until a sum of money in cryptocurrency is paid in order to regain access.
Generally ransomware arrives in the form of an unsuspecting file or link. For example, you could receive an email from what looks like your bank or workplace, asking you to “log in” to your “account”. The link would then redirect to a malicious, downloadable and executable file, thereby giving attackers a solid foothold into your system.
Once inside, hackers are able to move laterally, run scripting, and launch an attack. Check out our other blog article about the full anatomy of a cyberattack and how it can all start with a simple email.
23% of all cyberattacks in 2020 were ransomware attacks. (IBM Threat Intelligence Index)
23% of all cyberattacks in 2020 were ransomware attacks.
Typically when investigating an instance of ransomware, we look out for a variety of “indicators of compromise”, or things that look out of the ordinary in your network. Here are a few things to look out for if you’re not sure if ransomware is in your system, or if you’ve noticed something suspicious.
If any of the above seem out of place, you’ll want to follow the below steps carefully in order to prevent further and future damage.
You may be tempted to remove ransomware yourself once it’s discovered, but doing so could leave you susceptible to future attacks. Even if you find yourself wanting to pay the ransom right away, your data and reputation are still on the line. Follow these 5 tips below to achieve a quick resolution that doesn’t place your company and data at greater risk.
Once you determine there is an active ransomware attack, you need to stop the spread and prevent the attacker from maintaining their foothold on network connectivity. You can accomplish this by building “islands”. This way you slow and prevent traffic entirely within your network. We recommend blocking connections at the following locations:
The applications attackers use are often stored in the computer’s live memory. This is valuable forensic information that can be used to determine the most effective countermeasures against an attack. Restarting or rebooting assets clears the live memory, wiping out this valuable data. Servers should stay on, but must be isolated (see Step 1).
Attackers have invested time, and they want to get paid. They will often target backup solutions and, if found, delete them, to prevent the victim from rebuilding critical assets. An offline copy of the backups reduces the likelihood that all quality backups will be destroyed by ongoing ransomware efforts.
Every state has laws around breach disclosure that stipulate what you need to do if your organization has been the victim of an attack. It’s important to consult legal counsel with experience in cyber law to help you determine whether or not public disclosure of the event is required by law.
While it may be tempting to try and clean up a ransomware attack on your own, this can increase your chances of falling victim to a future attack. Once an adversary is inside your network, they can turn 1 back door into 5. Attackers also share information about successful attacks with fellow hackers. Proper hunting and remediation is key to future protection.
When most people think about ransomware, the cost of the ransom itself is what comes to mind. But much more than bitcoin is at stake when it comes to payment: there’s also downtime, people time, network cost, lost opportunity, and lost revenue to consider. When constructing an incident response plan, we recommend that organizations calculate how much a ransomware attack could cost their business.
To put it in context, an average North American business suffers about 14 hours of IT downtime per year, to the enormous detriment of SMBs and SMEs. Costs incurred can range from labor to record recovery to incident response. The figures below demonstrate the average revenue cost of downtime per year.
Simply take your gross annual revenue, divided by 2080 hours, and multiply that by the percentage impact or variable revenue percentage, and multiply that again by the number of hours of downtime due to a breach, and you’ll end up with the total cost of lost revenue due to a breach.
Ready to learn more about combating ransomware? Watch our “How to Survive a Ransomware Attack” video:
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.