
RANSOMWARE
A quick overview and what you should do in case it happens to you
The cost of ransomware can go beyond the price of ransom
Ransomware is here to stay, and with global damage projected to cost organizations $20 billion by 2021, it is not something that you can ignore. The best thing you can do to protect your organization is take preemptive measures.
The best cybersecurity defense is taking steps to avoid an incident in the first place.
What is Ransomware?
Ransomware is a form of malware (short for malicious software) that encrypts a victim’s files, holding them hostage until the ransom is paid. Ransom demands typically range from a few hundred dollars to a few thousand (depending on the criminal and the organization they are targeting), and most cybercriminals demand payment in cryptocurrencies.
Though ransomware has been around for decades, the invention of cryptocurrencies has made it easier than ever for cybercriminals to extort victims. Because cryptocurrencies don’t rely on central authorities such as banks, payments are also harder to trace, hindering law enforcement efforts to identify the individuals behind these attacks.
How Atom Creek Can Help
Not everyone is a cybersecurity or ransomware expert, and that is okay. Many small and medium-sized organizations may not have the resources or people power to justify supporting an in-house cybersecurity team, and instead place their trust in Managed Service Providers like Atom Creek. We can help you craft and implement robust cybersecurity protocols, offer employee cybersecurity training, and help you limit or mitigate the damage if a breach does occur.
How You Can Protect Yourself From Ransomware
With a continually changing and evolving technology landscape, cyber-attacks like ransomware evolve and change too. This means there is no way to protect your data completely. However, there are several things you can do to minimize your risk of infection and safeguard your digital assets even if you fall victim.

Employee Training
Your employees are your first line of defense when it comes to ransomware. Security Awareness Training will train employees to recognize malicious phishing attempts and give them the knowledge to protect your business.

Strengthen Inbox Security
You should protect all incoming email against phishing and malware, and take steps to protect domain names, employee names, email addresses, and other company identifiers from spoofing.

Implement Access Restrictions
Not everyone in your organization needs to be able to access everything. Employees should only be granted access to data and system areas that they need to do their job, and all devices that can access your organization’s network should have robust security programs installed.

Create a Data Protection Strategy
Design, implement, and frequently test a data protection strategy to meet your business’s requirements. Closely follow industry best practices by ensuring that data is protected across multiple locations and different media to ensure the ability to recover data that has been attacked. Test and validate the ability to recover data.

Keep All Systems Up To Date
Make sure that all software, including anti-virus software, is kept up to date. Patches let cybercriminals know exactly where vulnerabilities in older versions of the software exist, making it easier for them to gain access to out-of-date programs.
Do you need some guidance on how to set your business up for success so you don’t fall victim to cybercriminals?
In the News
October 4th, 2020: The US Department of Treasury sent out a ransomware advisory on the potential sanctions risks for facilitating ransomware payments.
According to the advisory, demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that we rely on to continue conducting business. These increased attacks mean that businesses are paying the ransoms to get their data back because they do not have a data protection strategy in place. Paying the ransom not only encourages future ransomware payment demands but may also risk violating OFAC regulations.
You can find the full advisory here: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf
What Should You Do If You Fall Victim to Ransomware?
Contact your Managed Service Provider
Your MSP can help you craft and implement robust cybersecurity protocols, offer employee cybersecurity training, and help you limit or mitigate the damage if a breach does occur.
Or call Atom Creek.
Contact OFAC
Contact OFAC immediately if you believe a request for a ransomware payment may involve a sanctions nexus.
Contact the U.S. Department of the Treasury’s Office of Cybersecurity
Contact the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection if an attack involves a U.S. financial institution.