The productivity of your employees is paramount. Unfortunately, with a single mouse click, one employee could bring your entire company to a screeching halt. Even worse, your company could be held hostage to pay a substantial amount of money to return to business-as-usual. That’s the definition of ransomware – a growing epidemic amongst small, medium, and even enterprise businesses.

How do I know if I am affected?

If you’ve been affected by ransomware, you’ll become aware very quickly. You may have clicked on a spam/phishing email or visited an unknown website and clicked a link. Your computer probably seems to be running very slowly and error messages are popping up. Finally, you may see something like…

[Image: Petya ransomware]

Yes, you have been infected.

How Does Ransomware Work?

Ransomware is most commonly spread via spam or phishing, but it can also be attached to websites and then penetrate your network. People who craft this malware are constantly trying to find new ways to infect your computer. Once your computer is infected, the ransomware will lock your files using an encryption protocol. At this point your computer is unusable and there will be some type of message demanding a payment. Typically, payment is demanded in bitcoins to decrypt your files.

But it won’t happen to my company…

Ransomware does not discriminate. It does not matter if you have a large or small organization. No computer is immune from being attacked. Ransomware attacks like WannaCry even show how hundreds of thousands of computers are susceptible to attack. Ransomware has become so widespread that all companies are at risk.

What do I do if I get infected?

Remove the infected computer from its Ethernet or wireless connection immediately. Some ransomware begins seeking out additional computers on the network once it’s downloaded.

Identify the type of ransomware. You can go to sites like nomoreransom.org or id-ransomware.malwarehunterteam.com, which will help identify what type of ransomware you have and what you are dealing with.

Report to the authorities and your insurance company. The FBI urges victims to report the infection, and your insurance policy may contain a cybersecurity policy. Both the authorities and your insurer should be made aware and will provide assistance.

Determine your options. At this point, you only have 3 viable options.

  1. Try to remove the malware, which is sometimes easier said than done.
  2. Pay the ransom.
    1. In most cases, people are urged not to pay the ransom because there is no guarantee that upon payment you will get your computer unlocked.
  3. Wipe your system completely.
    1. Unfortunately, if you have any information saved locally, it will all be lost. However, rebuilding the system from scratch ensures that everything is gone.

If you do decide to pay and they do provide you the encryption code, you are strongly urged to get your files off that computer and then rebuild the machine to ensure that no other ransomware is lying dormant for another day.

What do I do after remediation?

Corporate employees should be continuously vigilant in making sure that they do not open questionable emails or visit questionable websites while in the office. Ongoing training, such as courses that cover phishing emails, is available for a nominal cost and can help employees identify what to look for.

What if I don’t have time for any of that?

ACS has helped many companies that have been attacked and has implemented tighter safeguards and training to help reduce the chance of future attacks. If you would like to speak with us about how to better protect your organization, please contact Chris Mackin at cmackin@acs.com or call 508-238-6334. We would be more than happy to help you assess your level of risk.