If your computer is hit with ransomware, unplug the Ethernet cable but keep the machine running.
A ransomware attack has hit large companies across Europe and the U.S., spreading through 65 countries in two days. The “Petya” virus, which encrypts a machine’s files, demands ransom, and spreads to other machines throughout a company’s network, has affected pharmaceutical giant Merck, international law firm DLA Piper, Danish shipping and transport firm Maersk, and Ukraine’s Chernobyl power plant.
Petya, or any cyberattack, can cripple a business if it is not prepared, says Kevin Epstein, vice president of threat operations at cybersecurity firm Proofpoint. The first 30 minutes are crucial, he says.
Epstein says there are six steps every company should take to limit damage from a virus or ransomware attack.
The first step is to alert your IT department and avoid making any rash decisions.
“Don’t panic is the first step,” he says. “Too often, people take extreme action–ripping out the computer plug, paying the ransom right away. Stay calm; you have time.”
Epstein says international law enforcement and white hat hackers usually disable or disrupt widespread attacks within a day or two, so do not pay the ransom.
“The authorities shut down WannaCry’s ability to collect ransom in 24 hours; Petya’s email service provider eliminated their method of payment in four hours,” says Epstein.
He also says many hackers will not decrypt your files after being paid, so hang tight.
Step two is to isolate your computer. Remove the Ethernet cable, disconnect from WiFi, and pull any attached storage drives.
“It’s like a flu patient–if you leave someone with a fever coughing and sneezing for 8 hours in an enclosed space people will get sick,” says Epstein.
He says most cyberattacks spread through the internet, so make sure your computer is not connected to the company’s network.
Step three is to keep your computer on.
“Do not turn your computer off,” says Epstein. “If you turn off your machine you could end up removing evidence of the crime, removing critical files you could’ve used to decrypt, or it might not ever turn back on.”
Step four is to collect the evidence so IT can start working on the response, so law enforcement can file a report, and so your company can file an insurance claim.
“Take a picture of the ransomware message screen,” says Epstein.
Step five is to go find your backup.
“The best way to deal with ransomware is to wipe the hard drive and reboot from your backup hard drive in the cloud or a local drive,” says Epstein. “Your IT professional should be taking it from here. If you don’t have a backup, it could be a big problem. There are cases, especially for small businesses, where businesses do not have backups and it becomes a terminal event.”
Step six is to review your security protocols.
“Surviving a cyberattack requires prevention, detection, and recovery,” says Epstein. “Make sure you keep your machine’s software updated and make sure all vulnerability patches are up-to-date.”
He says 99 percent of all cyberattacks are launched via email, so you need to have a modern email security system that tracks the behavior of email attachments and URLs.
Epstein says you need to get used to cyberattacks and you need to educate your employees.
“This is not a fad, this is the state of affairs and malware and ransomware are here to stay,” says Epstein. “In the physical world, we lock our doors, we get flu vaccines and move on. We do not panic. That is how you need to respond to cyberattacks.”