The checklist includes immediate steps that an organization can take after a ransomware attack. It also provides tips for safe online behavior, security tools and computer protection to help organizations manage risk and safeguard sensitive data.
How to Respond to a Ransomware Attack
After a ransomware attack, Zetta recommends:
- Disconnecting an infected machine from the network and internet.
- Using a virus scanner from a bootable disc or USB drive.
- Performing a system restore.
- Reformatting the hard drive.
- Reinstalling the last backup.
With this approach, an organization may be able to avoid the "high cost, and agony, of ransomware," Zetta CEO Mike Grossman said in a prepared statement.
How to Prevent Future Ransomware Attacks
To prevent future ransomware attacks, Zetta suggests:
- Reviewing and updating network security. For organizations that run Windows, Zetta recommends a Windows firewall should be used at all times. Also, organizations should install an anti-virus program with a real-time virus scanner, keep browsers and plug-ins up to date and maintain an inventory of all digital assets.
- Ensuring data and hardware are protected. Backing up critical data regularly and keeping operating systems and applications up to date is essential, Zetta notes. Therefore, organizations should store sensitive data on an external hard drive, secure cloud or both.
- Changing online behaviors and practices. When it comes to ransomware attacks, it is better to err on the side of caution. Avoid downloads from unknown senders or sources, Zetta recommends. Moreover, end users should not download or execute applications from the internet unless these apps come from a trusted source and have been scanned for malware.
In many instances, the end user often "is the weakest link" relative to ransomware and malware attacks, according to remote monitoring and management (RMM) platform provider Continuum. But an organization that teaches its clients and employees about the dangers associated with ransomware and malware attacks can minimize risk.
"Go above and beyond to educate clients on the dangers of malware and ransomware and how to recognize warning signs," Continuum spokesperson Ben Barker told ChannelE2E, MSSP Alert's sister site. "Don't just use the standard, generic slide show or security quiz that is rolled out once a year. There are services available that will simulate attacks by periodically sending employees fake phishing emails to see who is not following security best practices."
The Future of Ransomware
Ransomware prevents or limits users from accessing a system by locking the system's screen or user files unless a ransom is paid. As such, ransomware attacks are a top security concern for MSPs and businesses and plague organizations around the world, which is reflected in recent data.
A June 2016 survey of 540 organizations conducted by Osterman Research revealed 39 percent of respondents said they were impacted by a ransomware attack in the past 12 months. In addition, Symantec found the average ransom demanded by cyberattackers was $679 in 2015, and this figure may continue to climb in the foreseeable future.