Ransomware Remediation 101

The best approach to dealing with ransomware is to be prepared for it before it happens. But that’s no good to you if it’s already happened and, despite your sobs and keyboard flails, you’re now locked out of your system. How are you even reading this?

Let’s back up a bit, literally and metaphorically, with a quick overview of some of the most effective ransomware remediation strategies you are probably wishing you had enacted yesterday instead of scrolling through memes and drinking your soy-vanilla-extra whipped cream latte. We’ll also throw in some useful shutting-the-stable-door actions for next time.

Hang On, What’s So Special About Ransomware?

Ransomware is just another gross type of malicious software, but what makes it eviler than standard malware is the intent. Ransomware attacks are played out through the unholy trinity of extortion, hijacking, and blackmail by morally depleted and uncool humans chasing money or data, or because they’re pathetic enough to enjoy scaring other people (and not in the fun Halloween-type way).

You’re looking at two flavors of ransomware:

Crypto ransomware encrypts your files and then demands something in exchange for an encryption key.
Locker ransomware blocks access to your entire system or network.

No business is too big, too small, or too weird to be attacked by ransomware, so always assume you’ll be attacked. Ransomware attacks are sneaky–you’ll get them through:

Falling for a phishing attack.
Visiting an infected website.
Clicking a malicious ad or pop-up on a genuine website.
Failing to update OS, software, or other system vulnerabilities.

So, what should you do now? It’s time to get strategic.

Your Shiny Ransomware Remediation Strategy

An anti-ransomware strategy should be a key part of your overall IT strategy and also play into compliance. There are three broad strands:

Protection: This part of your strategy outlines the defenses you’ll put in place to protect your people and IT infrastructure from ransomware attacks. It’s good to adopt a defense-in-depth approach because there are a whole ton of ways ransomware can jump aboard. Layering your defenses across different attack vectors is more likely to keep them out to sea.
Impact mitigation: Here’s where you outline what needs to be done to reduce the impact of ransomware on your business, should an attack get through.
Responding to a successful attack: Your plan of action following a successful ransomware attack.

Ah, feeling better? Strategies do that. Let’s put it into practice.

Start With Protection

Defense-in-depth is a tiramisu of cyber protection that’s not as tasty as actual tiramisu, but a whole lot better at protecting your business from ransomware. Layer up with:

Phishing Training

When ransomware comes knocking, it’s often your own team who let it in. Ransomware is socially engineered to make it easy and reasonable to open an email attachment, click a pop-up, or respond to a message on social media. Phishing training – and especially phishing simulation – aims to change people’s behavior through awareness and practice to just say no.

Reducing System Vulnerabilities

Your IT ecosystem has lots of ways in for that pesky ransomware, but you can plug up the gaps and reduce the risk of a successful attack by:

Updating All The Things: We’re not ageist but unpatched software, creaky old OS, and hardware that’s had too many birthdays are a ransomware villain’s best buddies. Break up that friendship by practicing the policy of Always Be Updating. Update your OS and say “yes” to security updates and bug fixes. Enforce it using the asset inventory magic of mobile device management, which will help you spot and update the old stuff.
Not ignoring those pesky nudges and actually installing and updating your antivirus software, dammit.
Deploying DNS filtering. DNS filtering is a piece of cleverness that works out the ransomware servers all by itself and then blocks access to them. No access means no evil encryption.
Using third-party mail filters and intercepting proxies that quarantine emails that smell like ransomware, remove attachments, and warn the recipient.
Using multi-factor authentication and cloud single sign on to protect against identity hacking.

Mitigate Impact

Mitigating impact is all about making a successful ransomware attack less crappy for your business. We’ve three words for you: back it up. And, no, we aren’t talking about showing off your killer dance moves.

Ransomware criminals want your data. They want to block you from it, destroy it, or publish it. If you’ve up-to-date backups of said data, it’s kind of a partial middle finger to them. You can access your data, so at least you’ve solved that problem. Good back up practice includes:

Keeping backup software patched and updated.
Backing up regularly so your data is always up-to-date.
Scanning backups for malware.
Testing file restoration from backup to make sure it works.
Creating offline backups, kept separate from your network.
Making sure historical backups are still available to you.

Respond to a Successful Ransomware Attack

So, it’s happened. The dreaded ransomware pushed its ugly face through the door and won’t let you do your thing until you’ve stumped up some bitcoin. Luckily, your strategy has given you an action plan, which means that you’ll already have decided:

How to collect evidence of the ransomware attack, e.g., taking an image or screenshot of the ransom demand.
The actions and responsibility for quarantining the infected system and disconnecting backups.
How you’ll respond to a ransom demand. Note that if you pay up, there’s no guarantee that you’ll get back access to your data, you may be seen as an easy victim, and it keeps the ransomware baddies in business. Law enforcement agencies don’t encourage or condone paying up.
Whom you should notify about the attack, e.g., law enforcement, regulators, and data owners.
The processes required for rebuilding your systems.

Ransomware Remediation: Next Steps

There’s not one part of being the victim of a ransomware attack that’s fun. It’s psychologically super-stressful as well as a direct threat to your business and its reputation. The only good news is that there are lots of things you can do to reduce that threat through ransomware remediation, and the first one of these is to give us a call. We’ll take it from there.

Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us today–chatting about IT support and cybersecurity is our favorite thing to do!

5 Overlooked Ways Device Inventory Management Boosts Cybersecurity

Hybrid Workforce Management: IT Solutions for the Distributed Workforce

Adolescence can be brutal.

You bombed the big test. A growth spurt left you with pants that stop at your shin. The school jokester snuck a bag of live bait in your locker.

You're now past all that, but what's changed? Your new biz is hitting roadblocks, it's not prepared for scaling, and its cybersecurity can't stop worm attacks (see what we did there?)

The good news? We know IT solutions for startups, and we can help you pass that test, stay in clothes that fit, and keep your stuff safe.

Contact us today to get started.

CONTACT

SEARCH

CATEGORIES

Geeks made out of real people.

Contact Us

Are you a...*
- New Customer
- Existing Customer
What is your name?*
First
What is your phone number?*
What is your email?*
How can we help?
Name
This field is for validation purposes and should be left unchanged.