Let's start with what not to do: the 4-stage strategy for getting hit by a ransomware attack…
So, is there a solution for ransomware? Well, not really… BUT we can significantly reduce the risk. I am sure many technology vendors will offer different solutions; however, we are here to talk about the people side of the story and what we can do about it. This 1-minute video is part of Wizer Security Awareness Training.
To begin with, stop giving a digital message the same trust you would give a person standing in front of you. If you get an email from a friend or a notification from your bank that requires you to log in, download a file, or share personal information, call to verify that it’s real, and always call the number in your phone book or the one on the official website.
Also, always keep your computer updated. If your computer isn’t patched, criminals may use the unpatched flaws to hack you at home or at work.
If you signed up to a random website with the same password you use for, let’s say, your company VPN, guess what? Criminals know people reuse passwords, so once they have one of your passwords, they will try it everywhere and possibly gain access to your organization.
So NEVER reuse passwords or use your company email for personal stuff and make sure your passwords are long and complex! Finally, have an offline backup of your data. This may be your last resort if nothing else works.
And what if you've been hit with ransomware?
You may NEED this... so SAVE IT! It’s also a great resource to SHARE with your management if they are not convinced you should invest in a ransomware incident response plan… you pay either way: $1 before a breach is equal to $9 after a breach. There is a high ROI in being prepared…
True story: how a company got hit with ransomware
This video is based on a real story that we dramatized. We have many more stories like this in Wizer Free Security Awareness Training.
What are the experts saying?
“If YOU use more complex passwords and also do NOT store passwords and reminders in text files, it wouldn’t have happened.” Yeah! That is what the attackers told Kurtis Minder, who negotiated a multi-million-dollar ransom…
In this webinar our panelists answered some really difficult questions, like “Should you pay the ransom?”, “How do you negotiate?” and everything about the aftermath…
You can watch the full one-hour webinar.
Key takeaways from the webinar:
You get into the office with your hot cup of coffee, you sit down at your desk ready to start the day, and the unthinkable happens. You’ve been hit with ransomware. What do you do? Ignore it? Pay it? Call in reinforcements? Will anything you do make a difference?
Our panelists, along with Chris Roberts, discussed the answers to these questions in our latest webinar. First things first: don’t panic! Take a deep breath and let your emotions settle before you do anything, and by all means, please don’t turn to Google for help. There are literally ads waiting for victims desperate enough to search for help, placed by scammers who will only scam you a second time.
Ransomware is a multi-billion dollar industry for a good reason...
Kurtis Minder negotiated with an attacker on a multi-million-dollar ransom and received the following message from the attacker: “If you use more complex passwords and also do not store passwords and reminders in text files, it wouldn’t have happened.”
Many of the attacks are actually not that sophisticated. It’s more about the fact that many organizations, small and large, are still behind on the basics and are not prepared at all for a ransomware attack. When it’s that easy to get in, why wouldn’t this be a billion-dollar industry?
Who is behind these attacks?
They are either organized gangs that have built a brand for themselves or lone wolves. Organized gangs have a reputation to maintain; otherwise, victims will not pay them the ransom. It’s hard to believe, but they operate like a business and they need to stand behind their “product.” When it comes to lone wolves, they may be more dangerous. These are individuals who really don’t care about their “reputation.” It’s important to know who you are talking to. When you use a third party to negotiate, they know how to talk to these different types of attackers.
One dollar before a breach equals $9 after a breach!
Either way, you’re paying. The question is how much you want to pay up front and how much you are willing to lose. It’s best to invest your money in preparing via training programs, insurance, and anything else you will need to help prevent or recover from a ransomware attack.
Start with communication and training. So many companies and individuals simply aren’t heeding the warnings and following the recommendations. Invest the time, money, and training it takes to properly build security awareness and protocols.
How come nobody listens?
Passwords... need we say more? You can lead a horse to water, but you can’t make him drink. So, the next best thing is to make it easy for employees to want to do the right thing and make it impossible for them to fail. In other words: mandatory password requirements, clear policies, and accountability. Give them usable alternatives.
Safe storage of passwords: don’t allow employees to save their passwords in their browser. Huge no-no. Instead, use a password manager that has been vetted by your company, ideally one that lets you set some controls and keeps the stored information encrypted.
Multi-factor authentication and endpoint protection will also go a long way in helping to mitigate ransomware attacks.
And train, train, train.