WHITE PAPER

Ransomware: Don’t Let Your Data Be Held Hostage

Ransomware occurrences are skyrocketing. Learn how to prevent them and what to do if you are attacked.

Cyberattacks and security breaches are on the rise

Ransomware is one of the hottest white-collar crimes of the 21st century. Incidents are skyrocketing, and cybercriminals have set their sights on more vulnerable small- and medium-sized businesses, as they usually have fewer resources to ward off an attack and are more likely to pay a ransom to retrieve encrypted files.

Unlike other types of malware that simply destroy data, ransomware offers an out: the criminals want to get paid, and you may be able to recover your data. But is that the best course of action?

This White Paper is intended to educate SMBs about ransomware attacks and to provide simple action steps that every business can take to avoid falling victim in the first place, as well as recommendations for recovering if an attack should occur.

How does ransomware happen?

Ransomware can get into a network simply by a user opening an infected email or through flaws in website design. 90% of reported ransomware attacks are the result of unintentional employee errors, with malware enticing unwitting end users to click on a link or open an email. The remainder comprises angry employees or ex-employees who deliberately seek to sabotage the business, and attacks on a specifically identified high-profile enterprise in hopes of a big payday.

Some sources put the cost estimate at hundreds of thousands of dollars per incident at a major enterprise. In addition to hard costs such as the income lost due to a stoppage in business operations and the cost of replacing damaged computing hardware, companies must deal with potential compliance fines and legal fees if customer privacy was breached.

There are also virtual costs including permanent loss of data and the time it takes to rebuild databases and restore infected systems. Then there are soft costs like reputation damage, loss of potential business and diminished trust among supply chain partners.

Finally, there’s the cost of paying the actual ransom demand if you decide to go that route.

First, immediately disconnect the device(s) from the network. Not just the hardwired connection, but also deactivate any wireless or Bluetooth connectivity. Do not turn off power to the device. Shutting down the device may do more damage to data and/or destroy potential evidence.

Then you can consider your options:

  • Wipe your system clean and restore the data from a recent backup prior to the attack. This should always be your first option as the business should have data backup policies and capabilities in place.
  • Try to decrypt the system yourself. There are many decryption tools available on the web, and if you know where to look and have the expertise, you might find a key to unlock your data without paying the ransom.
  • Take the hit and start over. Maybe you can’t find the decryption tool, you didn’t have much data to lose, or it can be easily reconstructed. Wipe the system and start rekeying.
  • Pay the ransom. If your business is bleeding money by the second or you do not have backup systems in place and the data is irreplaceable, this may be your best option.

  • Install firewall management and security/malware detection software with real-time network scanning and keep it up to date.
  • Implement rigorous and strict data backup procedures or consider cloud resources or outsourcing data backup to security service providers.
  • Emphasize good password hygiene and the use of complex sequences.
  • Train employees to recognize phishing scams and malware traps and test your employees with regular fake phishing scams.
  • Establish an out-of-loop emergency contact system with other key members for safe communications during an outage.
  • Update user network credentials and permissions, especially after dismissing a disgruntled employee.
  • Have an incident response procedure in place. When an employee’s device is targeted, they should know who to call and next steps.
  • Hire a Data Protection Officer (DPO) whose primary responsibility is to identify and exterminate threats before they cause damage.

  • Do not insert a USB drive to try to copy the data; you will only infect the USB drive.
  • Do not contact the attackers unless you intend to pay the ransom.
  • Immediately alert your company IT department or service provider.

  • Update your firewall management and security/malware detection software.
  • Consider a third party or cloud service for assistance with data backup and threat detection.
  • Implement the employee education and prevention steps listed in the “before” section to make sure it doesn’t happen again.

Partnering to Solve Your Complexities

Astound Business meets you where you are and how you want to communicate. We're focused on taking out friction points and delivering solutions that scale.

Listening & Discovery

Understanding the key issues that need to be solved comes first; we won’t sell you a fixed set of products. We listen and provide a diversity of connectivity solutions aligned to your specific business. Up front, our experts learn how your business works, to uncover how things could be done differently to find efficiencies and new profit centers. Getting the pulse of our clients, then right-fitting solutions and delivering on time is how we operate.

Solution Planning & Design

Meeting your needs where you are, technical experts provide unique solutions by creating a project plan that covers scope, timing, cost and execution. A dedicated account team aligns to design a custom network that delivers secure connectivity. From kick-off to site survey to construction and integration, your account manager and solutions engineering team provide comprehensive project management.

Implementation

You’ll receive end-to-end build management from a dedicated account manager and an implementation driven by local experts. We are never bureaucratic. We respect your time, while handling all the details. We offer flexibility in infrastructure and expansion, where others can’t, through dark fiber delivery.

Monitoring & Maintenance

Focused on your connectivity, we care about our own network and are not overextended. Experienced staff are monitoring the infrastructure around the clock to deliver stability, while adhering to SLA metrics. We pick up the phone immediately. Astound’s organizational structure is set up for superior response & support.

All names, logos, images and service marks are property of their respective owners. ©2024 Astound Business Solutions, LLC. All rights reserved.