No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

‘Have I Been Hacked?’ How To Identify and Respond to Ransomware in Your Organization

You Have More Tools at Your Disposal Than You Might Think

by Stu Sjouwerman
September 30, 2021
in Cybersecurity
an abstract graphic depicts ransomware

Getting hit by a ransomware attack can throw your week, if not your month or your year, into disarray. But depending on the breach, you might have several viable paths forward to recover your data. You might even be able to slip the trap and avoid paying altogether.

Ransomware may be the fastest-growing risk to businesses across sectors. Attacks this year have jumped by 93 percent compared to 2020, a period which itself witnessed a 485 percent increase from the previous year. Cybersecurity Ventures projects damages caused by ransomware attacks will exceed $265 billion by 2031.

A proposed cybersecurity bill would hold countries harboring cyberattackers responsible for their actions in a manner similar to anti-terrorism measures.

How Does Ransomware Work?

Although cybercriminals use a variety of methods to execute a ransomware infection, common vectors include phishing emails, malicious attachments, unpatched systems, credential hijacking, free software downloads and malware-laced websites or advertisements.

Once the malware is deployed, ransomware spreads to other machines, encrypting them, stealing confidential data (like emails, login credentials and other intellectual property) and attempting to delete backups. Inevitably, the victim is expected to pay a fee (usually in cryptocurrency) in exchange for a decryption key that helps restore systems and services to their original state. Ransomware demands usually carry a payment deadline, which, if not met, can trigger an increase in the ransom payment. Attackers may also threaten to delete or sell hijacked data or release sensitive data to the public if ransom demands are not met.

Typical Signs of a Ransomware Infection

If you’re impacted by ransomware, the symptoms are fairly obvious. Some telltale signs:

  1. Users cannot open files, discover a file is corrupted, or a file name extension seems unrecognizable.
  2. Your desktop wallpaper suddenly changes, detailing instructions on how you can unlock your files by meeting the extortionist’s demands.
  3. A related program or a website suddenly displays a clock, a countdown or a deadline urgently requesting that a payment be made, otherwise the ransom will increase and your data will be deleted.
  4. A window to a ransomware program has opened and you cannot close it.
  5. Suddenly names of all your computer directories have changed to, HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML or something along those lines.

I Got Hit by Ransomware. What Are My Options?

If you’re hit by ransomware, it’s important that you make an informed decision on the next course of action. If your data is encrypted but not exfiltrated and credentials haven’t been leaked, then you have five potential options:

1. Restore from a recent backup. 

Restoring data from a recent backup is usually the ideal first choice, unless ransomware has corrupted your backups and data has been leaked or exfiltrated. Ensure you do a manual verification to determine your data is indeed backed-up and recoverable. Consider the time factor. How much data have you lost, and how long will it take for you to restore services? Downloading terabytes of storage from online backups is no easy feat. It could take days, and the downtime costs associated with the disruption could be significant. Explore the possibility of restoring shadow copies, (although recent ransomware strains have been known to delete shadow copies).

2. Decrypt files using a decryptor.

Ransomware is evolving continuously, but some older forms of ransomware may have antidotes available from mainstream security vendors, law enforcement agencies and independent threat researchers. As a disclaimer, this is usually not a viable solution, but there’s no harm in trying. Start by determining your malware strain. Most strains have version numbers, but these can be unreliable. Before you download an available decryptor or unlocker, ensure it is vetted by a reputable source. It might be a good idea to consult security professionals to determine if there are any pros or cons before you experiment with an unlocker.

3. Do nothing (lose your data).

One obvious option is not doing anything. If you are an individual, a small business or without a backup and you are not too concerned about the consequences, doing nothing may be a valid option. Remember to rid your machine of all forms of malware, install a clean copy of software and put some countermeasures in place to avoid such incidents in the future.

4. Pay the ransom.

Note that the FBI and other government bodies do not recommend paying the extortionists, citing how ransomware payments further instigate criminal behavior. In fact, four U.S. states have already proposed laws to ban ransomware payments. Before you consider making a payment, contact the FBI, your lawyers, security professionals and your insurance carrier to see if they can possibly help negotiate the ransom terms. Paying the ransom is not without its own risks. The U.S. Treasury Office issued an advisory warning that entities that facilitate these nefarious payments may run afoul of violating OFAC regulations.

5. Contact law enforcement.

As a first measure, it would be wise to include contacts for federal agencies in your security plan. Loop in your local FBI field office, CyWatch and the Internet Crime Complaint Center. Reporting advice can be found at the Cybersecurity & Infrastructure Security Agency.

It goes without saying: An ounce of prevention is better than a pound of cure. Given how backups alone won’t save the day, it’s still important to have the right technical controls in place to thwart ransomware attacks.


Tags: Ransomware
Previous Post

In Break with Tradition, DOJ Indicted Former Ericsson Employee for Role in Foreign Bribery Scheme

Next Post

When Corruption Investigations Run Cold, AI Pattern Analysis Can Revive the Case

Stu Sjouwerman

Stu Sjouwerman

SjouwermanStu Sjouwerman is founder and CEO of KnowBe4 [NASDAQ: KNBE], developer of security awareness training and simulated phishing platforms, with 41,000 customers and more than 25 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.” He can be reached at ssjouwerman@knowbe4.com.

Related Posts

lloyds of london

Now That Lloyd’s Won’t Cover Nation-State Cyber Attacks, What Do Organizations Need to Know?

by Jonathan Armstrong and André Bywater
August 31, 2022

Lloyd’s of London, the world’s leading insurance market, says that cyber insurance policies it issues after March 31, 2023 will...

Arms extended from computer screen to signify hackers

Kroll Warns: We’ve Detected a Staggering Rise in Two Key Forms of Cyber Attack

by Alan E. Brill
March 22, 2022

As part of its ongoing commitment to cyber threat research, Kroll’s threat intelligence team looked at hundreds of real-life cyber...

a mountain peaks out of the mist

To Ensure Anti-Ransomware Compliance in Crypto Transactions, Financial Institutions Have a Mountain to Climb

by David Tannenbaum and Dan Chirlin
March 17, 2022

With increased scrutiny from a litany of regulators, cryptocurrency exchanges and financial institutions are now required to monitor, flag and...

Illustration of a professional giving a presentation

Gaining Executive Support for Your Security Awareness Training Program

by Perry Carpenter
February 7, 2022

You know the resources and commitment required for a successful cybersecurity program. But your company's leaders might not. Communicating what...

Next Post
a graphic visualization of big data analysis

When Corruption Investigations Run Cold, AI Pattern Analysis Can Revive the Case

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT