Ransomware is defined by the United States Department of Justice Federal Bureau of Investigation (FBI) as a “type of malicious software designed to block access to a computer system until money is paid” (FBI, 2015). Hotels are a prime target for this type of attack. Legal authorities advise against paying the ransom, but there are many factors ultimately involved in the decision process. Most businesses would prefer to regain access to their critical computing systems by paying the ransom rather than waiting through a lengthy investigation process. ...
Below are several steps a business can take to prevent a ransomware attack:
Be Vigilant. If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
Back Up Your Data. Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
Patch and Purge. Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access. (IBM, 2016)
Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.
Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage and prevent worsening conditions.
Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
Contact law enforcement immediately upon discovery to report a ransomware event and request assistance.
If available, collect and secure any portions of the ransomed data that might exist.
If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
Delete the registry values and files associated with the malware to stop the program from loading.
Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.
FBI. (2017). Business e-mail compromise: e-mail account compromise the 5 billion dollar scam. Retrieved October 1, 2017 from https://www.ic3.gov/media/2017/170504.aspx.
IBM. (2017). Ponemon Institute’s 2017 cost of data breach study: global overview. Retrieved October 2, 2017 from https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN&.