How to defend organizations against malware or ransomware attacks

Cyber insurance offers by far the best protection against malware attacks. GetCyber’s offerings can save business owners over 99% of the potential losses from a ransomware attack. In addition to obtaining sufficient cyber coverage, several steps can be taken to reduce the chances of an attack and mitigate as much loss internally as possible once one occurs. This guide helps organizations deal with ransomware and other types of malware. It provides clear actions to help organizations prevent malware and take steps to minimize loss.

Key topics:

  • What is malware?
  • Actions to take
  • Steps to take if your organization is already infected
  • How cyber insurance can protect against loss

What is malware?

Malware is malicious software that can cause harm in many ways, including:

  • Causing a device to become locked or unusable.
  • Stealing, deleting, or encrypting data.
  • Taking control of your devices to launch attacks.
  • Obtaining credentials that allow access to your organization's systems.
  • Aggressively using services that may cost you money while locking you out (e.g., premium rate phone calls).

Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). The computer itself may become locked, or its data might be stolen, deleted, or encrypted. Some ransomware will also try to spread to other machines on the network, as in the recent ransomware attack on the Maryland Department of Health, which left hospitals struggling amid a surge of COVID-19 cases.

Usually, you're asked to contact the attacker via an anonymous email address or follow instructions on an unknown web page to make payment. The payment is usually demanded in a cryptocurrency such as Bitcoin in exchange for unlocking your computer or granting you access to your data (ironic, we know). However, even if you pay the ransom, unlocking your system isn’t guaranteed. The cybercriminals could just take your payment and run. Malware that is presented as ransomware but does not restore your files after the ransom is paid is known as wiper malware.

Actions to take

You can take some actions to help prepare your organization for potential malware and ransomware attacks.

Action 1: make regular backups

Action 2: prevent malware from being delivered and spreading to devices

Action 3: prevent malware from running on devices

Action 4: prepare for an incident with an incident response procedure and policy

Steps to take if your organization is already infected

If your organization has already been infected with malware, these steps may help limit the impact:

Immediately disconnect the infected computers, laptops, or tablets from all network connections, whether wired, wireless, or mobile phone-based.

In a severe case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.

Reset credentials, including passwords (especially for administrator and other system accounts) - but verify that you are not locking yourself out of systems needed for recovery.

When you restore from a backup, always verify that it's free from malware. You should only restore from a backup if you're confident that the backup and your connecting device are clean.

Connect devices to a clean network to download, install, and update the OS and software.

Reconnect to your network. Monitor network traffic and run antivirus scans to identify any infection.

How Cyber Insurance can protect against loss

Situation:

A company that sells furniture has a cyber insurance policy with business interruption coverage. The company gets slammed with a ransomware attack that encrypts its data and cripples its systems. The ransomware gang demands $25,000 in Bitcoin to restore access.

Outcome:

After consulting an incident response and forensic expert, the company decides to pay the ransom. The company receives a decryption key that permits access to the encrypted data. A forensic accountant calculates that the business interruption cost the company $175,000 in lost revenues, based on potential sales during the downtime. The cyber insurance policy covers the $25,000 ransom and the $175,000 of business interruption loss.

Lost revenues: $175,000

Ransom: $25,000

Retention: $5,000

Paid by the insurer: $195,000

Protecting businesses by implementing correct cybersecurity protocols and cyber insurance coverage is increasingly necessary for all business types, from small to large. In addition, companies should actively assess their cyber risk profile and protect themselves from residual risk.