Are You Vulnerable to a Ransomware Attack?

Could You Be the Next Victim of a Devastating Ransomware Attack? | Property & Casualty

Businesses of all sizes are increasingly being targeted by ransomware, which can infect not only personal computers but also entire networks and servers. According to research conducted by Datto, a technology solutions provider, approximately 20% of ransomware victims are small and mid-sized businesses. The impact of these attacks can be severe, causing significant disruptions to business operations and potentially damaging the reputation of the impacted organization.

What Exactly is Ransomware?

Ransomware is a form of malicious software that cyber criminals employ to restrict access to systems or data until a ransom is paid. Once the initial infection occurs, the ransomware spreads to shared storage drives and other accessible systems. If the demands of the attackers aren’t met, the system or encrypted data remains inaccessible. In some cases, the data may even be permanently deleted.

Typically, the hackers responsible for ransomware attacks demand payment in bitcoin—a type of digital currency that’s difficult for law enforcement to trace. However, experts strongly advise against paying the ransom. There is no guarantee that paying will regain access to your computer, network or files. Furthermore, by giving in to the attacker’s demands, you could inadvertently encourage future cybercrimes.

How Ransomware Can Spread

There are different ways that ransomware can spread, including:

  • Visiting fraudulent or unsafe websites
  • Opening emails or email attachments from unknown sources
  • Clicking on suspicious links in emails or on social media platforms

The Impact of Ransomware on Your Computer

Ransomware can severely disrupt computer systems through two primary methods:

Lock-screen ransomware operates by displaying a window on the computer’s lock screen, effectively preventing access to the device. The displayed message on the lock screen may falsely claim to come from a government agency, accusing the user of violating a law and demanding payment of a fine.

Encryption ransomware permits computer access while encrypting specific types of files, rendering them unreadable. Typically, these files contain sensitive information and are deemed valuable by the attacker. When attempting to access the encrypted files, users are presented with a pop-up screen instructing them to purchase a private decryption key to restore the files to their original state.

Assessing Your Ransomware Vulnerabilities

In addition to cyber insurance, a strong commitment to cybersecurity is crucial to protect your organization from ransomware attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recommends the following questions to determine if your organization is adequately prepared to address the risks associated with ransomware:

Backups — Does your organization regularly back up all critical information? Are these backups stored offline? Has your organization tested your ability to restore from backups during an incident?

Risk Analysis — Has your organization conducted a comprehensive cybersecurity risk analysis for the entire organization?

Staff Training — Has your organization provided cybersecurity training to staff, covering cybersecurity best practices?

Vulnerability Patching — Has your organization implemented appropriate patching procedures for known system vulnerabilities?

Application Whitelisting — Does your organization only allow approved programs to run on its network?

Incident Response — Has your organization implemented and evaluated an incident response plan specifically designed to address ransomware attacks?

Business Continuity — Does your organization possess the ability to maintain business operations in the absence of specific systems? If so, what is the duration for which operations can be sustained?

Penetration Testing — Has your organization conducted or engaged a trusted third party to conduct systematic attempts at hacking its systems to examine system security and the effectiveness of defense mechanisms against potential attacks?

Guidelines for Responding to Ransomware

Certain operating systems provide instructions for responding to lock-screen ransomware, although results aren’t guaranteed. In contrast, encryption ransomware can’t be resolved quickly without the encryption key, which is generally only available to hackers.

Regardless of the type of ransomware, cybersecurity experts recommend against paying the ransom. It’s important to note that paying the ransom doesn’t ensure that you regain access to your computer, network or files. Furthermore, payment could potentially encourage future cybercrimes.

If your business falls victim to ransomware, take the following steps:

  1. Contact your local FBI office to report the incident.
  2. File a complaint with the Internet Crime Complaint Center.
  3. Restore file backups, if available.
  4. Review your insurance coverage to determine if it includes coverage for ransom payment and associated business losses.

We’re Here to Help Prevent a Ransomware Attack

Understanding the risks ransomware can create for your organization and knowing how to reduce those risks can be daunting. Connect with a member of our team for additional cyber risk management guidance and insurance solutions.

Date: 2023-10-23
