A report published by Cybersecurity Ventures predicts that by 2031, ransomware will attack a business, individual, or device every two seconds. The consequences of such an attack extend beyond the leak of sensitive information and financial losses; customers and clients don’t want to do business with organizations that neglect security of customer data.
You can’t simply hope an attack will never happen. The best course of action is to err on the side of caution and implement plenty of preventative measures, but it is equally important to consider recovery strategies, considering that optimism isn’t an effective defense strategy in business.
Remember that you’re dealing with a criminal
Following a successful malware attack, you’ll be dealing with an attacker who has your data in their possession. In a high-pressure situation like this, you might consider some bad decisions, like paying the ransom or visiting an arbitrary website, which will only add fuel to the flames.
In 2021, only 4% of those who paid the ransom recovered all their data. Eighty percent of victims who paid a ransom to recover their data got hit by ransomware a second time. Forty percent of those paid a second ransom, and 9% paid three times or more.
Minimize the loss
What’s the best way to prevent the damage from snowballing into something larger and more severe? The first thing you can do after realizing your computer has been hacked is isolate the infected machine from other network endpoints, storage resources, and Wi-Fi, and disable the LAN along with anything else you believe might work in the hacker’s favor.
You should also reset your passwords, especially for administrator and other system accounts. However, make sure you are not locking yourself out of the systems required for recovery before you reset credentials.
Medibank Private Limited, one of Australia’s largest private health insurance providers serving 3.7 million clients, recently disclosed that it had been the target of a ransomware attack.
It has been reported that the company first detected unusual activity in its network on Wednesday, October 12, and immediately decided to “shutdown parts of its systems, including customer-facing services,” to reduce the chances of data loss.
However, let us not get too deep in this story. The lesson to take away from the above case is that, as you realise an attack has happened, your immediate focus should be on preventing it from spreading and snowballing into something bigger rather than on finding out how it happened.
Investigate
Digital forensics is one of the most effective methods to gather information. It is the process of checking for malicious code, determining its entry, discovering how it propagated, evaluating the impact on the system, recording which ports it tried to use, etc. An accurate forensic report can be used as evidence in court if you’re planning to take legal action against the hacker.
While corresponding with your attacker is unlikely to yield any benefits, it is, however, crucial to determine who the attacker was, what their motives were, and how they carried out the attack.
Start a new chapter
After all the chaos, the least you could expect is to keep the business running, right? Unfortunately, if you don’t have a backup of all your data, you may be in a world of trouble. Rebuilding your business processes from scratch after a malware attack will cause delays in business continuity and could damage the business beyond repair.
This is why it’s essential to start taking backups now. Do it so that your disaster recovery and business continuity plans include a full description of your backup methods and processes; this way, you’ll know exactly what to do in the event of an incident. Forget the past and work on a brighter future.
ManageEngine provides a comprehensive suite of IT security management solutions that investigate and neutralize security threats, ensure compliance, and audit user activity. Visit our website to learn more!