Ransomware can affect any company, large or small. Hackers encrypt the most valuable files, making them unreadable, and then demand a ransom in exchange for letting the company recover its data. The attack may stem from undetected phishing or from a failure in the computer system. How should a company deal with such an attack?
The first steps after a cyberattack
After falling victim to a cyberattack, it is important to unplug the entire computer system. With this kind of attack, the bottom would not have been touched at the beginning. It is, therefore, necessary to isolate the information system. In one case, a company specializing in financial investigations fell victim to cybercriminals. All of its confidential internal data was leaked, from the output of its investigations to internal emails.
To avoid panicking, it is advisable to write down how events have unfolded since the hack was detected. Then a crisis unit must be set up to identify the problems caused by the malware, define the communication strategy, and propose solutions.
Steps to follow after infection
To fight the malware effectively, it is important to call on a company that specializes in identifying the origin of the virus. The IT manager of the affected company, for their part, must gather as much evidence as possible, such as the firewall log files or the booby-trapped messages. After that, it is necessary to contact a specialized judicial service and notify the insurer. Management must not forget to inform internal and external parties, in particular the CNIL. This is mandatory if there has been a personal data breach. Indeed, hackers may advertise on a showcase site the infection they have spread. This was the case for a social housing landlord in Brittany, which had to warn its tenants that hackers had been able to access their personal information.
What to do with ransomware?
Each case is different. The financial investigation firm, for example, had no backup. As a result, it had to pay a ransom of more than 190,000 euros. Subsequently, the ransom note no longer appeared on the hackers’ site. Ransomware is a difficult problem to solve because some companies need their data urgently. To get it back, some pay the ransom while others negotiate the amount. For their part, ANSSI and the judicial authorities do not encourage the payment of ransoms. For them, it is a form of intimidation that forces companies to pay money, and there is no guarantee that the data will be recovered in full. They see it as a vicious circle, and it is even likely that a victim of these attacks will be hit more than once.
There are ways to recover the data without paying any money. Many sites offer decryptors, software that breaks the encryption algorithm. Either way, it is always safer to make data backups. Similarly, regularly educate employees by testing them with malicious emails.