NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

How Do You Recover From A Cyber Attack? Straight From a Recovered Victim’s Mouth To Your Ear


We thought it would be helpful this week if we gave you a little information straight from the mouth of a cyber-victim—someone who has fallen victim to ransomware. While we decided to conceal this victim’s identity for self-preservation, I’d consider this individual one of the smartest people I know and a pleasure to work with. When I discovered that even they were susceptible to ransomware attacks, I knew that anyone could fall victim if all the necessary safeguards aren’t in place to steer clear of these malicious scams.

So today, after talking with several victims, including the one I mention above, I’ve put together some questions to ask yourself to deal with a hack.

The first question I have for you is: what is the current situation? Assess what data was taken or encrypted. Who was infected in your organization—did the virus spread to every machine? How did you eventually notice a problem? Until you can really understand the scope of the problem, can you really come up with the best strategy to recover and learn from the incident? When I clicked on the link in an email from the CEO of our company, it took me a day to realize that things weren’t kosher. All of my files were encrypted and I really couldn’t get any work done. A ransom note popped up on my screen and I had no idea what to do—do I pay some criminal or do something else? And what else would I do?

When I contacted our previous tech support, they really couldn’t give us a straight path—I was just as confused as before I called in. That’s when I decided I needed someone else to assess the situation. I’d recommend finding a qualified technical team that understands all there is to your network and security and getting their recommendations before moving forward with a ransom payment.

The second question I have is: how can you clean up from this hack? Depending on how the hack was implemented, who was affected and how long the infection persisted, you might have to implement slightly different measures. There are several areas that your technical team should explore to determine what specifically was affected by the attack. Here are a few examples of places I’d look:

  1. Code Injection—look across your network for code that doesn’t belong.
  2. .htaccess—the .htaccess file is a configuration file for your web server. It is commonly targeted in attacks.
  3. Website—if your website was hacked, I suggest reinstalling WordPress or your chosen web platform to avoid any problems on your website.

Next, I’d ask if you have a backup to restore. Backups are critical components to recovering from malicious attacks—along with any other attack you can think of. Having a recent backup can be the difference between getting up and running within hours of an attack or twiddling your thumbs waiting for a criminal to give you back access to your data—if they ever follow through!

If the attackers never follow through with a decryption key, there might be a chance of decrypting your files yourself, but these attackers are normally pretty good at using sophisticated encryption procedures. Even if you are able to decrypt the data, it probably would take quite a long time to do so.

And for all of you worried about HIPAA compliance?

Many of the current ransom attacks affecting Protected Health Information (PHI) are not considered breaches under the terms of HIPAA because the viruses never penetrate or leak PHI data. But with ever-evolving attacks, the time will come when PHI data is penetrated, ransomed AND leaked.

After you’ve hopefully been able to recover your data because your tech team was responsible enough to constantly back up your systems, you need to ask whether there are preventative measures you should take with users. Are you doing everything you can to keep this from happening again?

Monitor for suspicious activity—get proper monitoring on your network to make sure everything is working as expected. Scan your system with updated anti-virus software and keep a vigilant eye on any possible infections.

Patch and Update Your Systems ASAP—updates and patches are released regularly by Microsoft and other software companies. Making sure that you keep up with patches and updates to software on your networks helps prevent vulnerabilities in your system. These are the vulnerabilities that hackers attack because they are easy to exploit!

Teaching Team Members—Make sure your team is in the loop with security measures and current threats online. Consider training your team using social engineering tests to make sure people learn what their vulnerabilities might be. Try to get your team to be a bit more suspicious of unexpected emails—especially if they contain links or attachments. Get people to understand what types of websites are not trusted.

And trust me, you don’t want to get CryptoLocker or the Locky virus. Heed this warning and act NOW before you have to initiate a remediation plan.

If you have any concerns about your business’ security, contact us today to set up a network security assessment. Your business is too important to keep unknown doors wide open to a hacker’s attacks.
