The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
Cybersecurity governance provides a strategic view of how your organization controls...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
Social engineering is the act of exploiting human weaknesses to gain access to...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Our Help Desk Services provide businesses with fast, professional IT care at an affordable...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
We are experts in supporting manufacturing companies with their cybersecurity posture and compliance needs such as CMMC so they can win DoD contracts!
You may have found that as your practice has grown, IT maintenance, security, and repair...
A better approach to IT support for law firms is known as Managed IT Services...
Cloud computing is transforming the way organization buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human..
Maybe you’ve heard about ransomware somewhere but never expected it to happen to your business. Or maybe you knew about it and took precautionary steps, but still got infected. Perhaps you are in disaster recovery mode as you are reading this – desperate to find any information that might help. Make no mistake – ransomware attacks do not discriminate and the threat they pose to businesses is not a joke. A report created by the Cyber Threat Alliance estimates that over $325 million in damage occurred to businesses in 2015 alone – and this analysis is based on only one particular strain of the malware. Check out the report here.
Unfortunately, most cases of ransomware will ultimately result in lost data, time, productivity, and money for a business that has fallen victim. While our team at Right Hand wants to equip clients with the tools and information needed to avoid this threat altogether, we also want business owners to know what to do when an infection hits. The following guide will offer tips, best practices, and advice for anyone who is staring down one of those dreaded ransom notes. Remember that all is not lost – acting quickly and decisively is the best counter to a ransomware threat.
It is easier to take action when you can quickly identify the signs of a ransomware attack. The trademark of ransomware is to lock up access to your data – this means documents, spreadsheets, PDF forms, and many other file types. If you realize that you cannot open any of them, this could be your first clear sign of an infection. Error messages displayed when attempting to open a ransomware-encrypted file commonly report that the file may have become corrupted. The hackers who write ransomware code want you to know what’s happening so that you can get to the part where you send them money. The ransom note itself will likely be very obvious – displayed in the web browser or even replacing your current desktop background. Some strains of ransomware will create small TXT files that will appear in locations where files have been encrypted. Opening these files will reveal the ransom note.
The details of the ransom note can vary, but its purpose is always the same: your files have been encrypted or locked, and you will have to send money to the hackers in order to regain access. Some ransom notes will even try to portray themselves as a charity or other good cause in an attempt to better convince victims to pay. The payment itself is almost always requested in bitcoins, which is a virtually untraceable form of virtual currency.
Right Hand recognizes that in some cases, making payment can be the only remaining course of action to retrieve business critical data. With that being said, we highly discourage this action for three major reasons.
If you’ve successfully identified that a computer or computers have been infected, your best chance at mitigating damage comes by acting fast. NEVER allow an infected computer to sit idle while connected to the network and the internet.
Ransomware is almost exclusively initiated by social engineering tactics. Right Hand offers training programs that simulate actual attacks, giving your users an edge when it comes to identifying a potential threat before it happens.
Immediately disconnecting the computer from the network serves multiple purposes. The most important is that you prevent the infection from spreading from the infected computer to other resources on the network. Never assume that the virus is limited to the computer where it originated. Most strains of ransomware are smart enough to find and encrypt files not only on the originating computer, but also on any shared folders or mapped drives. This usually means that file storage servers on your network are also going to be at risk.
When you disconnect the computer from the network (and the internet) you cut off any outside access the hackers may have gained to your system. In some rare cases, acting quickly to disconnect a computer can interrupt the malware as it does its work – and protect files that may otherwise have become encrypted.
This is the most important step to take for mitigation of damage. This should be done anytime there is even a suspicion of ransomware. In all cases, if there is any doubt, simply power the infected computer off.
When you are ready to perform some initial troubleshooting on an infected machine, boot it into safe mode. Safe mode is always the best environment to remove malware because the system will boot using only the bare minimum resources necessary to run the operating system. In most cases, but not all, malware cannot run properly while in safe mode.
To get your computer into safe mode on versions of Windows before Windows 10, press the F8 key during boot-up. This displays a menu that offers choices of how to boot Windows. For this scenario, choose safe mode without networking. Remember that any kind of connectivity in this state can place other computers and servers on your network at risk. If you are running Windows 10, you can reach safe mode by holding down the Shift key while clicking the restart command.
System restore is a very handy feature that is built in on all current versions of Windows. However – it should be noted that it is NOT turned on by default in Windows 10. Right Hand recommends turning this feature on immediately for any Windows 10 computer.
System restore can be found by looking under Accessories – System Tools in the start menu. This tool will attempt to revert the computer to a state it was in at some time in the past. (Preferably before it got a ransomware infection.) In some cases where the user has acted fast enough, the computer can be restored to its previous state without suffering any ill effects of the attack.
It should be noted however that system restore is not foolproof. Many malware strains specifically target system restore backup points and prevent you from using them. It is also possible for system restore to complete successfully while files remain locked up and encrypted. Another important thing to remember is that system restore will reboot your computer into normal mode. If system restore doesn’t bring success, boot the computer back into safe mode and move to the next step.
The next step to take would be to utilize anti-virus and anti-malware tools, using the most comprehensive or deep scanning options allowed by your software. Locked files cannot be recovered by this means, but you can usually get the malware removed from the computer and prevent further damage to your system.
A full format of the hard disk and fresh installation of your Windows operating system may be time consuming and stressful, but this is a guaranteed way to get the infected system clean again.
Many business owners will understandably save this step as an absolute last resort. Still, Right Hand recommends this as the best solution to ensure any traces of ransomware are wiped out. Ask yourself whether avoiding the downtime would be worth risking further damage to your data and network.
We wholeheartedly hope that you have one. Once you have reformatted the infected computer and re-installed a fresh copy of Windows, you’ll need to restore from backups to get your old files back where they used to be. If the infected computer was connected to external file shares on your network, those locations should also be checked for encryption. Restore good copies if necessary. Remember that any networked location that the infected user had access to is potentially damaged.
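The signs described earlier (documents that no longer open, and small TXT ransom notes appearing wherever files were encrypted) can be checked across a file share with a short script. This is an added example, not a Right Hand tool: it assumes Python on an uninfected machine, and the function name and the two thresholds are illustrative assumptions.

```python
import hashlib
import os
from collections import defaultdict

# Well-known leading bytes for common document types.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
}
NOTE_MAX_BYTES = 16 * 1024  # assumption: ransom notes are small text files
NOTE_MIN_DIRS = 3           # assumption: the same note appears in 3+ folders


def triage(root):
    """Walk root and return (suspect_files, repeated_notes).

    suspect_files: documents whose header no longer matches their extension,
                   plus files that could not be read at all.
    repeated_notes: sha256 of identical small .txt files -> folders holding one.
    """
    suspect = []
    notes = defaultdict(set)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                if ext in MAGIC:
                    with open(path, "rb") as fh:
                        if not fh.read(8).startswith(MAGIC[ext]):
                            suspect.append(path)
                elif ext == ".txt" and 0 < os.path.getsize(path) <= NOTE_MAX_BYTES:
                    with open(path, "rb") as fh:
                        notes[hashlib.sha256(fh.read()).hexdigest()].add(folder)
            except OSError:
                suspect.append(path)  # unreadable files also need a look
    repeated = {digest: sorted(dirs) for digest, dirs in notes.items()
                if len(dirs) >= NOTE_MIN_DIRS}
    return sorted(suspect), repeated


if __name__ == "__main__":
    import sys
    bad, repeated = triage(sys.argv[1])
    print(f"{len(bad)} file(s) with a damaged header or unreadable:")
    for path in bad:
        print("  ", path)
    for digest, dirs in repeated.items():
        print(f"identical .txt file in {len(dirs)} folders, e.g. {dirs[0]}")
```

The header check only covers files that kept their original extension; files renamed with a new extension are not flagged by it, so treat the repeated-note result as a separate signal.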
Having a solid backup solution in place is your #1 protection from the damaging effects of ransomware. Encrypted files cannot be unlocked by anyone but the hacker. Don’t take unnecessary risks with your business critical data – if you aren’t backed up, call us today or visit http://backup.rhtg.net.
They won’t hunt down and bring justice to the hacker that got you, at least not initially. It may seem like a bother, but reporting your incident to the FBI may help them to identify patterns and investigate the crime at its source. Incidents can be reported at the FBI’s Internet Crime Complaint Center at http://www.ic3.gov.
If you have a computer infected with ransomware and you’re not sure what to do, let the pros take a look. Our experienced technicians at Right Hand are knowledgeable on the threat of ransomware and have encountered it in many different situations. We have the tools and experience necessary to give you the best chance at saving your data and helping you to avoid another attack in the future.
Right Hand is a managed service provider offering custom IT solutions for any size business, large or small. Our team can protect your network from ransomware and other threats. Don’t wait for disaster to strike – call us today at 844.254.RHTG (7484).
The Certified Information Systems Security Professional is an information security certification with extremely high standards. Less than 132,000 people worldwide had this certification at the end of 2018.
It has also been formally approved by the DOD and is globally recognized in the field of IT security.
It covers the following topics:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
This is a system engineer certification and tests the user’s knowledge on the following topics:
Windows
SQL Server
Exchange Server
SharePoint
System Center (SCCM)
Lync
The A+ Certification demonstrates that the computer technician has the skill set needed to customize, install, maintain, and operate PCs.
In addition to these certifications, Right Hand also has strategic partnerships with some of the biggest names in the industry like Microsoft, Dell, Citrix, and Fortinet.
What could be more assuring than having these industry giants on your side?
As the name suggests, this certification is for Network Engineers. Everything from the installation and maintenance to troubleshooting of networks including the understanding of all related technologies is a part of the course.
This certification shows that the technician who has passed the Microsoft exam is capable of managing, migrating, deploying, planning, and assessing the technology, security, and compliance needs associated with Microsoft Office 365.
The CompTIA Security Plus SY0-501 course provides certifications in the following topics:
Threats
Vulnerabilities
Attacks
System Security
Network Infrastructure
Access Control
Cryptography
Risk Management
Organizational Security