VoIP Fundamentals | OnSIP

How to Handle Ransomware

Written by Margaret Joy | September 15, 2021 at 2:00 PM

Most cyberthreats aim to fly under the radar. The longer an attack goes undetected, the farther it can travel into your system and collect as much data as possible. Ransomware lacks such subtlety—or at least, it likes to make a big entrance on its terms and schedule. 

Fortunately, there are plenty of options when it comes to protecting yourself against ransomware attacks. There are even sources to help you decrypt ransomed files on your own, hopefully saving yourself a decent chunk of change. Read on for tips on protection and removal to help you stave off ransomware attacks.

Ransomware Detection

If you’ve read any of our cybersecurity blogs, you know that we’ve laid out best practices for overall cyberattack protection more than a few times. While ransomware attacks involve additional factors like negotiation and payment, your best bet to prevent a successful attack still falls in line with basic cybersecurity tips. 

Ransomware attacks follow the same subversive tactics as other cyberattacks to access and encrypt your files. Once they have them locked down, they’ll announce a ransom. General cybersecurity prevention tactics can help you nip ransomware attacks before they hit the payload. To recap:

  • Employee education is a must. Human error is one of if not the leading cause of successful cyberattacks. (Metrics change on a dime, but this remains a constant. Besides recognizing phishing or similar attempts, this includes implementing secure password habits, staying up to date on patches, and endpoint protection. 
  • Network monitoring is also key and will alert you to suspicious activity like someone trying to access files who shouldn’t be, or unusual communications.
  • Limit access. Just because someone is employed at your company does not mean they need access to everything in the system. Billing, sales, and support teams need customer information and details—engineers and marketers probably don’t. Best practice is to deny access to everyone outright and allow it on a case-by-case basis.  
  • Understand and implement base protective infrastructure like privacy by design and the shared responsibility security model.
  • Last but never least: Back everything up! 

Best Ransomware Protection

We’ll point you to this Tech Radar article on the best paid and free ransomware protection and removal methods. Luckily, most anti-virus and anti-malware software have ransomware protection built in. Given that ransomware behaves like other cyberattacks before hitting the point of encryption, investing in solid protection is in your best interest. Tech Radar includes their preferred choices for ransomware removal software.

Ransomware Removal

Ransomware removal is a tricky road to walk. Do you pay the fee and hope the hackers have enough integrity to reinstate your files upon payment, or do you try and recover them yourself? Naturally, you don’t want to chance the hackers publicizing your files because then you’re looking at hefty data privacy fines

On top of that, there’s no guarantee that you’ll be able to recover the files on your own. Like all forms of cyberthreats, ransomware continues to evolve. The Tech Radar article linked above references a great list by Avast: It chronicles 21 known types of ransomware complete with instructions for removal. On one hand, it could be worth a shot. On the other, data recovery and business continuity revolve around the shortest turnaround time possible, and successfully decrypting files can take a long time and may end up costing more than the original ransom. As a result, most cyber insurance companies recommend paying upfront. 

“As insurance companies have approved six- and seven-figure ransom payments over the past year, criminals’ demands have climbed…the increase in payments by cyber insurers has correlated with a resurgence in ransomware after it had started to fall out of favor in the criminal world about two years ago.”          

As for why ransomware has suddenly come back in vogue, Last Week Tonight with John Oliver has three ideas:

Ransomware Insurance: Worth the Risk?

We’ve recommended looking into cyber insurance before, and it’s certainly a good idea with attacks increasing nearly exponentially since the start of the pandemic. But there’s an asterisk next to ransomware’s place in cyber insurance. Pro Publica explored the rather distorted relationship between ransomware’s growing popularity and insurers’ role in furthering it: 

“Cyber insurance is what’s keeping ransomware alive today. It’s a perverted relationship. They will pay anything, as long as it is cheaper than the loss of revenue they have to cover otherwise.”

It’s come to the point that at least one major insurance company has stopped covering ransomware. Additionally, simply trying to protect yourself with insurance can put a target on your back if it’s publicly known. Hackers will see an easy payout and go after your company because of your policy. We’re by no means insurance or legal experts, but as with all cybersecurity education, the more informed you are, the better.