Ransomware: how to prevent an attack?
Cyberthreat actors are increasingly resorting to ransomware and no one is safe. In fact, all companies can be victims. It is therefore important to have a strategic plan in place to prevent this type of attack, prepare for the worst-case scenario and think about the approach to take to recover from a possible ransomware infection. This document describes how ransomware works and what steps to take when you become a victim of ransomware.
According to a study carried out by Statistics Canada in 2017: “ The challenges facing Canadian businesses regarding cybersecurity and cybercrime ”:
- “Approximately 10% of businesses in Canada reported losing revenue due to cybersecurity incidents, and a smaller proportion (6%) of businesses reported that the incidents damaged their company’s reputation. »
- “The majority of large (91%), medium (83%) and small (72%) businesses in Canada reported having
- employees primarily responsible for overall enterprise cybersecurity in 2017.”
What is ransomware ?
Ransomware, ransomware in English, is malicious software that takes data on electronic devices hostage. It encrypts and locks files to prevent the user from accessing their data or device. Then, the attackers demand a ransom in exchange for a key to decrypt the blocked files. Sometimes this malware installs on a device without our knowledge and it may be inactive for several days before showing up.
Here are the 8 steps to take when you are a victim of ransomware.
Disconnect your device
The very first thing to do is to immediately disconnect the electronic device’s access to any network. This will prevent the ransomware from spreading and infecting other devices connected to it or using the same cloud service.
Determine the type of ransomware
Typically, when you are a victim of ransomware, a message will appear on your screen. The latter may contain several valuable information allowing you to identify the type of ransomware and then find the solution to get rid of it. If possible, take a screenshot or photo of the message. Note that this page may look like a document that was sent by a government agency and mentions that your files have been locked because you used your device to commit illegal activities.
Remove the ransomware
If you’re lucky, these tools will allow you to decrypt your affected files.
Clean your infected device
On the other hand, there is a good chance that these tools will not work. In this case, you will need to clean your device in order to restore it and erase all the data on it. Then you can restore all your files from an unaltered backup copy that was saved offsite.
Update all your devices
Once the threat is eliminated, it is advisable to update all your operating systems, antiviruses, firewalls and make a backup of your offline data to prevent any further attack.
Change your passwords
It is essential to change ALL your passwords for all accounts: emails, login accounts for all your applications/websites, bank accounts, social networks, etc. During the attack, the perpetrators probably made a copy of all your information.
Report the attack
It is important to report your attack to the Canadian Anti-Fraud Center. This way, they can monitor for upcoming attacks and remove the type of ransomware you fell victim to.
Train your users/employees
Once the dust has settled, you need to provide cybersecurity training to your employees and users. This way, you can prevent multiple attacks and help others detect phishing attempts.
Of course, we advise you to hire cybersecurity experts to help you get through a ransomware attack. They will support you and advise you better than anyone.