IT-Simplified's Cybersecurity Solutions are designed to protect your company's systems from Ransomware and Recovery when necessary.
When it comes to Ransomware recovery, time is of the essence.
Stop waiting and contact us today, to let us help you keep your company safe and secure from all cyber threats!
Every moment your business is impacted by Ransomware is revenue and your companies future is impacted.
In the public sector, 42% of organizations have suffererd a ransomware incident in the last 12 months.
The average cost of downtime in 2019 comes out at $141,000, a more than 200 percent increase over last year’s average downtime cost of $46,800.
73% of these cases experienced two or more days of downtime as a result of Ransomware.
Ransomware demands have increased by 20%, bringing average Ransomware costs to $8,9000.
What should I expect after a Ransomware attack?
First and foremost, beware of companies who offer "A Guarantee of Recovery". These companies do nothing more than pay the ransom note to the hackers and charge you a premium for the service. You can read a recent ProPublica article written about such companies here: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Here is a set of activities you should expect during the course of a ransomware recovery. These are essential steps you should follow, although they can vary a bit from one situation to the next. Note that many of the steps below will happen in parallel or in rapid fire succession.
- Gather yourself up and take a deep breath. Every ransomware situation is a bit different, but your full recover is likely, but expect an expensive, time-consuming and stressful set of processes. The following steps presume that you have already gotten a ransom notice and your system is completely held hostage. If so, time is of the essence, but acting rashly can cause more damage.
- Find your guide, someone who can lead you through the confusing maze of activities that will all be new to you. Your guide will start the examination process to assess your current situation, identify which variant of ransomware you have and the initial extent of the damages
- Your guide will suggest you engage a lawyer. You are not just in a dire technical and business problem, in many cases this can be a legal issue, too. Hiring the lawyer to engage with all the other parties involved in the recovery can provide important legal protections through attorney client privilege.
- Check to see if you have insurance coverage. General liability insurance by itself is unlikely to have meaningful value. If you are lucky it might have a $50,000 coverage for business interruption and ransomware recovery work. If you have a million dollar or more policy that covers forensics, recovery and remediation work, legal representation, public relations, business interruption, fines, and credit monitoring for individuals you will probably be in as good a shape as can be expected from a horrible event such as ransomware.
- Working with your insurance company, your lawyer and your ransomware recovery guide you will need to determine if you need to gather forensic information. This can be vital in developing the recovery plan. It is also essential in meeting breach notification requirements, law enforcement inquiries if they are to help, and more.
- Keep quiet, most firms keep all that is happening very confidential for numerous business reason. What you decide to tell customers, employees, investors, vendors, regulators, the press and others should be the result of a well thought out plan and not happenstance.
- If the ransom is large, you might consider hiring a ransomware negotiator. Yes, there are specialty firms that do this, or we can recommend one.
- Assessing the extent of the damage, the value of the lost data, the likelihood of a recovery without paying the ransom and other variables are essential in determining if you will pay the ransom or not. Knowing the extent and cost of the encrypted data is also essential on subsequent decision-making on how to proceed with other steps in the recovery.
- Do you pay the ransom or can you recover on your own? If the ransom is paid, how certain is everyone that the decryption will actually work. Encryption might have happened over a weekend, but it might take a week to decrypt as that is usually much slower. Can you negotiate to buy time while you figure out your overall strategy? Yes, that can often be helpful.
- Review your plan – at this point it is likely most or all of the above steps have been completed. Your ransomware recovery guide, or a specialty recover firm is well on their way to completing the recovery plan. It needs to be critically reviewed by all stakeholders. Stakeholders are you, the victim, the lawyer, the insurance company, if any, the forensics firm, the recovery firm, the negotiators, PR firm, etc.
- Execute the plan with great vigor, speed and tenacity. It will be a long hard journey, with people working many hours non-stop. But with commitment by the right team you will get results. Expect numerous conference calls each day for several days of the recovery. Expect changes in the plan as new information is learned and new challenges encountered.
- Create a new cyber-security plan to defend against future infection. Many victims don’t learn the lessons from the first hit and are doomed to a repeat infection when they don’t add the cyber defenses they need.
- Scan and monitor the system constantly for possible artifacts or the original infection that were missed in the recovery, or possible new attacks from the bad guys.
- Make cyber security planning part of your annual capital expense and operating expense budgets.