Ransomware attacks have reportedly continued to grow in 2022, as criminals hone their skills in grabbing our data and wanting money to release it. Today, it’s not just government and large businesses that are at risk. Small to mid-size businesses are at greatest risk.

That’s because a) they often don’t have enough security in place and b) let’s face it, today’s attacker might be content with $300,000 each from a cluster of them rather than $30 million from a giant firm. Attracts less attention, for one thing. Here’s Blackfog’s monthly list of publicly reported attacks in 2022.

In the first 30 minutes…

Don’t just panic and agree to pay:

[Kevin] Epstein says international law enforcement and white hat hackers usually disable or disrupt widespread attacks within a day or two, so do not pay the ransom… Remove the Ethernet cable or disconnect from Wi-Fi, and pull any attached storage drives… He says most cyberattacks spread from computer to computer, so make sure your computer is not connected to the company’s network…

Will Yakowicz, “Don’t Panic if You Get Hit With Ransomware. Follow These 6 Steps” at Inc. (June 28, 2017)

He also warns targets of an attack not to turn the computer off because that might erase evidence of the crime. Your company might need that evidence for an insurance claim.

While gathering information (especially if you are the supervisor):

Find out which terminal was first attacked:

Examine the properties of one of the infected files to see who is listed as the owner. This will at least allow you to know who was the original end-user target, or person who clicked on the ransomware link… Now’s the time to get all of those users who are reporting trouble opening files, weird file names, etc. off of network sharing and isolated. This is usually the time when you determine the cause of the infection, and subsequently send out alerts with uninfected users to be on the lookout for whatever type of ransomware file encryption you’ve discovered. If there are other users or persons who need to know about the attack, now is the time to tell them as well.

“Steps to Follow When Hit by Ransomware” at Spade Technology (January 25, 2022)

Also, “try to take a screenshot of the ransom note. If that’s impossible, use a phone or camera to take a photograph of the note on your screen. This can be used as evidence should you decide to file a police report later on.” – Gabe Carey, TechRadar.pro (March 6, 2018)

In the first day or so…

There is now a number of free decryptor tools out there that the computer technician can use to try to head off the crooks’ payday. The No More Ransom site offers a number of tips as well as tools to kow about.

That said, there may be some unpleasant surprises:

Unfortunately, you may find that having your files encrypted is only part of your ransomware problem. According to Marcus Chung, CEO of BoldCloud, cyber criminals are also breaking into systems and downloading sensitive files before they perform the encryption process.

“It exfiltrates the data before it does the encryption and notifies the ransom request,” Chung said. “This increases the chances that you’ll pay the ransom.”

Wayne Rash, “You’ve Been Hit With Ransomware – Next Steps To Recovery” at Forbes (February 22, 2020)

Going forward…

Chances are, whatever else happens post-attack, a smaller firm will be dealing with a computer security company (if it wasn’t earlier). But rather than leaving everything to them, here are some conventional self-protection strategies:

Our attackers may be smarter than we think:

After all, they’re experts at what they do:

While experienced computer users might feel insulted by the idea that they need to learn what exactly a phishing email looks like, the fact of the matter is that hackers are improving their trickery by the day. Social engineering can fool users into believing that an email with a legitimate-looking attachment is truly from their friend, coworker, bank, social media company, or more.

Particularly apt malicious actors gain access to a user’s email and then send a message that directly relates to something that the user was discussing previously.

Angela Karl, “What to do if you’re hit with a ransomware attack” at TechGenix (April 1, 2019)

If it’s anything to do with money:

Government agencies, banks, and credit card companies go to a great deal of trouble these days to distinguish their communications from those of criminals — to such an extent that their security measures themselves can be a time-and-money hassle. So, if in doubt, just get out! Fast.

Keeping up to date:

Trying every possible entry point keeps the grifters in business, right? Here’s a tip for remote workers:

Seemingly innocent devices such as USB thumb drives are commonly used to infect employees’ devices and deploy malware or ransomware. With employees working remotely, it’s essential to keep them aware of the risks of plugging unknown devices into their computers.

Jack Koziol, Kelly Main, “How Training Employees About Ransomware Can Mitigate Cyber Risk” at Forbes (April 28, 2022)

A number of sources also recommend removing unnecessary access or software: “That way, the ransomware cannot utilize these credentials to access other systems and propagate around the network.” – Asher de Metz, Sungard, November 24, 2020. And we would hardly want to find out that software no one uses now anyway was the entry point.

Think of it as piracy on the non-material high seas of information. After all, it is our information that is valuable, not that machine or thumb drive.