Security · November 21, 2023

Tips to Protect Your Business From Ransomware

Ransomware is one of the most common cybersecurity threats facing today's businesses—and it's also among the most potentially damaging.

This type of malicious software, or malware, holds data or devices hostage until victims pay a ransom. Attackers use this technique to target not only government agencies and corporations but also small businesses and individuals.


The price of ransomware

The cost of these cybersecurity threats isn't limited to the ransom itself. Victims often must spend a significant amount of time and money to restore their systems. There's also the potential for reduced productivity, lost sales, legal fees and reputational damage.

Reducing the risk of cyberthreats begins with a culture of awareness. You can protect your business from ransomware by first developing a comprehensive cybersecurity plan that details what you'll do in any situation that may affect the security of your business. With a plan that both you and employees can access, you can better understand the threat and implement the necessary strategies.

Types of ransomware

Ransomware is constantly evolving, but there are some common variants.

Crypto-ransomware happens when hackers encrypt files, altering the data into a form that requires a secret key or password to be decoded. Victims can typically see that the files are still there and may even be able to use the system itself, but they can't access the data. In most cases, they must meet a deadline to pay the ransom to avoid data deletion.

Locker ransomware locks users out of their devices completely. In most cases, hackers don't destroy data but instead prevent victims from accessing it. Deadlines are also often used in these cases to convince victims to pay the ransom.

Hackers also often use leakware tactics, like threatening to release confidential business information if the ransom isn't paid. This is also commonly referred to as doxware.

Ransomware-as-a-Service, or RaaS, is an increasing threat that lets cybercriminals launch attacks through a business model that imitates Software-as-a-Service, or SaaS. Launching these attacks doesn't require writing a lot of complex code, making them among the most popular types of threats in recent years.

Common attack methods

Phishing emails are one of the most common ways ransomware spreads. These messages look like they're coming from a trusted institution or person you know, but they're actually sent by hackers. Often, these emails contain links to malicious websites or dangerous attachments. If you visit the site or download and open the file, the ransomware will infect your computer.

Scareware is another common method, in which hackers display pop-ups containing fake warnings that your computer is infected with a virus when it actually isn't. They then ask you to take a specific action like installing antivirus software, but you'll end up downloading ransomware to your computer if you follow the prompt.

The importance of employee training

An employee awareness program can go a long way toward keeping your company protected. Make sure all staff have access to your cybersecurity plan, and teach them how to recognize questionable websites. Cover the hallmark signs of a phishing email, like requests for money or personal information, or an email address that doesn't match the sender's name.

Also consider partnering with a third-party vendor that sends simulated phishing attacks to give employees practice detecting threats and responding appropriately.

Best practices to protect systems

Tools like spam filters that eliminate suspicious emails can help further reduce human error and protect your business. Also be sure to install strong firewalls, antivirus software and other security tools that protect network-connected devices like servers, desktops, laptops and smartphones.

Just remember to install software security updates and patches regularly because they often fix known vulnerabilities that attackers exploit. It's also a good idea to frequently back up company data to the cloud or an external device not connected to your network. This can help you recover more quickly after an attack.

Steps to take after an incident

A written response plan with specific protocols can help you move forward calmly and swiftly if you're hit with ransomware. Employees responsible for minimizing damage can help by disconnecting a hacked device from the network, checking the status of backup files and calling a data recovery specialist if necessary.

The federal government encourages victims to immediately report attacks to an FBI or US Secret Service field office. You may also need to contact a lawyer about potential legal requirements, especially if the incident compromised sensitive customer data.

You'll also need to determine whether to pay the ransom for your data or devices. Although many victims end up paying, it's not what law enforcement agencies recommend because payment gives attackers an incentive to continue extortion. Cybersecurity insurance may help you recover any losses incurred from a ransomware attack.

The bottom line

While there are good reasons to fear ransomware, preparedness is the best defense. Be proactive in developing a cybersecurity plan and training employees. Purchase robust security tools, and update them regularly. Back up your data, and have an incident plan in place. These steps will help protect your business from ransomware and prepare you to respond if you're targeted.

Third parties mentioned are not affiliated with First-Citizens Bank & Trust Company.
