What is double extortion ransomware?
A double extortion ransomware attack is one where a criminal steals and exfiltrates a victim’s data as well as encrypting it. This gives the attacker more leverage when demanding a ransom.
The idea here is to find sensitive data that would be costly to leak. For personal attacks, this could be information that might embarrass or harm the reputation of the victim.
For businesses, this data could be trade secrets, customer data or information about employees. Attackers can also sell this stolen information to third parties or publish it on dark web forums.
If I’m attacked, should I pay a ransom?
Security organisations such as the NCSC and the FBI warn strongly against paying a ransom. Why? There’s no guarantee that your attacker will unlock your files if you pay the ransom fee.
The attacker may even ask for more money if they feel your organisation will pay up. These ransom sums may also fund other criminal activities, such as targeting other firms or funding other aspects of organised crime.
You should instead invest in protecting your critical infrastructure from cyber-attacks and be prepared.
How do I prevent a ransomware attack?
Here are some important steps to follow to avoid a ransomware attack and mitigate the impacts of a successful infection:
- Regularly back up your organisation’s data: The easiest way to recover your data is to restore it from an off-site backup. We find it best to automate this backup process, and incremental backup regimes may be an efficient way of achieving this. Remember: your backup location shouldn’t be permanently connected to your network, as it may also be encrypted during an attack.
- Keep multiple backups of critical files and applications: Don’t rely on one backup medium and store your critical files in multiple locations. Why not try using multiple cloud storage servers, for instance?
- Close any security vulnerabilities by installing filters and antivirus software: Use cyber security tools to close the attack vectors that attackers may use to infiltrate your system. For instance, an email spam filter can help prevent email viruses. A strong antivirus program that regularly scans downloads from the Internet can detect ransomware before it attacks.
- Educate your employees on cyber security best practices: Attackers use social engineering to take advantage of insider negligence. Cybersecurity training can help your employees identify suspicious files and teach them what to do in the event of an attack.
It’s important to have a detailed response and continuity strategy to avoid costly loss of data and productivity. What actions and first response are needed when an attack happens? How will your security team remove the virus from your network? What is the process for restoring files from off-site backups? Who’s responsible for actioning this strategy?
What should I do if I’m a victim of a ransomware attack?
As soon as you detect a ransomware attack, you should:
- Immediately disconnect the infected systems and mobile devices to prevent the ransomware from spreading to other devices on your network.
- If you believe the ransomware has already infected your network, consider shutting down network connections.
- Reset any passwords, especially for system administrator accounts.
- Any systems that are already infected should be wiped. There is unlikely to be any way to restore the data. It’s best to reinstall the OS or even replace the drives themselves.
- You should verify the ransomware virus is removed from your network before restoring data from a backup. If you’ve lost any data that wasn’t backed up, you may need to send your drives to a data recovery service.
- Run an antivirus to check the security health of your network. Run antivirus scans on network traffic to see if any infections remain.
Protect yourself from ransomware attacks with an MSP
If you are unprepared, ransomware attacks can be one of the most costly forms of cyber crime for businesses of any size. However, if you’ve taken the necessary precautions, responding to these attacks can be far easier and less costly.
To achieve this, you’ll need to have a smart and adaptable cyber security strategy. Need some help configuring backups and finding storage solutions? Want to configure a watertight antivirus and email filter? Need assistance in responding to a cyber attack quickly?
Get in touch with our experts today to find out how we can help!