How to Avoid Falling Victim to a Ransomware Attack, Twice

The UK’s National Cyber Security Centre (NCSC) recently published a blog post detailing how a company fell victim to the same ransomware attack twice. 

The unnamed company paid the equivalent of a little under £6.5 million with today’s exchange rates to restore their data after the first ransomware attack. The company’s main concern was getting their data back, and so they didn’t investigate where the ransomware came from, how it got there, or how long it had been in their systems. 

Two weeks later, the same unnamed company suffered another ransomware attack.  Of course, they felt like they had no other choice but to pay another ransom to get their data back.

This is a cautionary tale of what not to do after you have suffered a ransomware attack.  So, to avoid falling victim to a ransomware attack twice, here are 4 steps you should follow.

  1. Always investigate the attack.  You need to know how the ransomware got into your systems if you are going to defend them. You must examine the network following a ransomware incident to determine how the malware was able to enter the network and stay undetected for so long. It is something all organizations that fall victim to ransomware do alongside restoring the network. If necessary, hire cyber security professionals to help you assess the situation.
  2. Make sure your operating systems and security patches are up to date.  Many times, hackers can get into your network through an old, unpatched vulnerability.  If this was the cause of the ransomware attack, patch it right away. Even if it wasn’t, patch any vulnerabilities anyway to prevent a future attack. Going forward, ensure your business has a plan vulnerability management and remediation. 
  3. Use offline backups.  This is important to help with the restoration of data on your network.  When backups are stored online, sometimes these can become infected with the ransomware as well, so it’s best to store offline and restore once the ransomware has been removed from every device on the network. 
  4. Apply multifactor authentication. In many ransomware cases, the hacker gets into the network to via a compromised login. If you have been victimized by ransomware through this method, it is important to not just change all passwords, but also introduce multifactor authentication to make it more difficult for the hacker to get in again. 

Recovering from a ransomware incident is rarely a speedy process. The investigation, system rebuild, and data recovery often involves weeks of work. If doing it once seems like an arduous task, you certainly won’t want to do it twice. Following the above steps will help you reduce your chances of further attacks.  If you need help with any of the above steps, Uzado is available 24×7.