10 Critical Steps to Survive a Ransomware Attack, Step 10: Prepare for the Worst

Here we are at the 10th and final step to survive a ransomware attack. If you’ve been following along, you’ve already done (or at least thought about) a lot!
  1. Hopefully you’ve dropped your administrative rights over your system, as this is a really simple thing to do, costs almost nothing, and quickly enhances your system’s security.
  2. You’ve checked your systems to make sure they’re fully patched, including not just the operating system, but third-party programs as well, and you’ve got someone watching over these to make sure the correct patches are rolled out promptly.
  3. You’ve gotten (or at least looked into getting) a web content filter to screen out malicious websites before your systems are allowed to access them.
  4. Your IT provider has configured your firewall to allow only legitimate traffic out from inside your network, so that if a computer on your system is compromised, it won’t be able to talk to the bad guys in charge.
  5. Your email administrator has restricted attachments, blocking anything that is not absolutely required.
  6. You’ve identified the points on your system where data is stored, and worked with your IT provider to restrict access on a need-to-know basis to only those who require it, instead of just opening everything up to everyone.
  7. You’ve verified that you have rock solid backups, appropriate to your required level of recovery, so that your business could get “back to business” rapidly in the event of a disaster.
  8. You’ve let your staff know that they are constantly at risk from Internet threats, and have investigated implementing a security awareness program to keep them and your critical assets safe from phishing scammers.
  9. You’ve worked with your IT staff, or at least started the conversation, to whitelist and allow only authorized applications to run on your network, making it so that malware won’t be allowed to run if it somehow slips through the above controls.
So, that’s it! We’re done, right?
Not quite. Here’s the reality. Even if you did all of the above, there’s still a chance something could go wrong. A brand new virus might sneak through the filters, an employee might still fall for a convincing scam, your backups may fail, etc. This should by no means be an excuse for inaction! That is a pathetic excuse, like saying “well, if I get into a really bad car accident, even if I wear my seatbelt, I could die. Therefore, I don’t wear it.” That’s just plain ridiculous.
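Step 7 asks you to *verify* your backups, and the paragraph above admits they may still fail. The only verification that counts is a restore test: take a fingerprint of the data at backup time, restore the backup somewhere harmless, and compare every file. The script below is an added illustration of that drill, not code from the original post; it uses only the Python standard library, builds its own constructed sample files in a temporary directory, and includes a `tamper` option that corrupts one backed-up file so you can see the check catch a backup that would have failed you on the day you needed it.

```python
"""Backup restore drill: fingerprint the source tree, back it up, restore the
backup into a scratch directory and prove the restore is byte-identical.
Added example (not from the original post); all sample data is constructed."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256. In practice the
    manifest is stored separately from the backup so an attacker who encrypts
    the backup cannot also rewrite the fingerprints."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(backup: Path, expected: dict[str, str]) -> list[str]:
    """Restore `backup` into a fresh scratch directory and compare it against the
    manifest taken at backup time. Returns a list of problems; an empty list means
    every file came back and matches byte for byte."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restore"
        shutil.copytree(backup, restored)  # stands in for your real restore procedure
        actual = manifest(restored)
        for rel, digest in expected.items():
            if rel not in actual:
                problems.append(f"missing after restore: {rel}")
            elif actual[rel] != digest:
                problems.append(f"content mismatch: {rel}")
        for rel in actual.keys() - expected.keys():
            problems.append(f"unexpected file in restore: {rel}")
    return problems


def drill(tamper: bool = False) -> list[str]:
    """Run the whole exercise against constructed sample data. With tamper=True one
    backed-up file is overwritten (simulating a corrupted or encrypted backup) so
    the check has something to catch."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "source"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (source / "notes.txt").write_text("constructed sample data\n")
        expected = manifest(source)          # fingerprint taken at backup time

        backup = Path(tmp) / "backup"
        shutil.copytree(source, backup)      # the "backup job"
        if tamper:
            (backup / "notes.txt").write_bytes(b"\x00constructed-corruption\x00")
        return verify_restore(backup, expected)


if __name__ == "__main__":
    print("clean backup   :", drill() or "OK")
    print("tampered backup:", drill(tamper=True))
```

The point of the exercise is the restore into a scratch location, not the hashing: a backup that cannot be restored is not a backup, and the drill should be run on a schedule, from the offline or off-site copy, by someone other than the person who set the job up.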
Should all of the above fail, your last line of defense is to have a comprehensive insurance policy that will cover you in the event of a disaster or an extortion case. Do not assume your current insurance policy includes this! As new threats and risks emerge, insurance policies frequently cite these as exclusions, and require separate policies to provide coverage. Talk to your insurance agent about these and find out what is, and what is not covered.
Also, should you get hit by ransomware, you should be prepared to pay a ransom, in Bitcoin. Bitcoin is an online currency that – when properly maintained – is completely untraceable (which is why criminals favor it over things like credit cards, gift cards, etc.). If you’ve never exchanged US dollars for Bitcoin, do yourself a favor and set up an account with a reputable Bitcoin exchange today, as this process can take over a week to set up. If your system is compromised and you have no recourse other than to pay the ransom, you don’t want your entire business to be stuck for a week twiddling its collective thumbs while you wait for initial ACH transfers to process so you can pay the ransom.

Peter Nikolaidis is an information security professional based in Cambridge, MA. He holds several information security certifications, including the CISSP. In his spare time, he enjoys practicing martial arts and yoga, mountain biking, and thinking about ways to protect the innocent… often from themselves. Connect with Peter on LinkedIn.