3 Key Signs of a Potential Ransomware Attack

Somewhere -- right now -- countless cybercriminals are planning ransomware attacks and have likely been planning each attack for weeks or even months.

At any given time, hundreds of companies could have ransomware cybercriminals invisibly hiding in their network and planning their next move. Insurers each day receive up to 100 claims of ransomware attacks, with the average attack lasting between 60 and 120 days. That means, quite literally, ransomware attacks are happening everywhere all the time.

This all raises the question: what are the warning signs of a ransomware attack?

How can you stay vigilant?

How should you prepare your employees to recognize a potential attack? 

What should you do if you think an attack is in progress? 

First, let’s start with:

3 warning signs you are VULNERABLE to a ransomware attack

#1 - You're not paying for "Enterprise-grade" Endpoint protection. 

Are you like the many small businesses running free anti-virus protection or relying on the built-in Windows Defender or Microsoft Security Essentials for your protection? If so, you are not doing enough! You need protection that explicitly seeks out ransomware activities. Any competent IT Company providing you with ongoing IT services should include ransomware protection in their monthly offering. Ask your IT Company to confirm this.

#2 - You're using a free email account for business purposes.

If you're using a free email account (e.g., ending in gmail.com, cox.net, yahoo.com, or the like), you're not protected by enterprise-grade email protection features that hunt for malicious emails. With free email platforms you get what you pay for, and your employees will be exposed to threats. You're one click away from disaster. Check out our related blog: What Using a Free Email Service Says About Your Business.

#3 - Your business is using a firewall supplied by your ISP or bought from Amazon.

Unfortunately, no ISP in Arizona will supply you with a sufficient firewall for business use. Also, if you or your IT Guy got your firewall from Amazon, it's highly likely to be insufficient for your business's needs. In 2020, if you're a business and have an internet connection, you must have a Next-Gen firewall that actively seeks out threats and blocks traffic based on patterns. 

If you're vulnerable and attackers get into your business and start running ransomware programs, what follows may help. Unfortunately, the entire point of this kind of attack is for the intruder to go undetected until they're ready to start encrypting and holding your data for ransom. The key is PREVENTION and having an IT Company monitoring for ransomware-like activity. 

3 Key Signs of a Potential Ransomware Attack

#1- If one of your staff reports that they clicked on a suspicious link, but nothing happened.

Attackers will spend weeks or even months figuring out your network's weaknesses after an initial entry is made. If you're running without Endpoint protection, this could be the beginning of your problems.

#2- Unexpected software tools, shortcuts, and programs are running on your computers.

This isn't a sure sign but anything helps in terms of alerting your IT Company to events that could lead to detection. If your attackers are sloppy, you may notice tools like Microsoft Process Explorer installed on your computer without your IT Company involved. The key is to be aware of what's normal, and when you see the abnormal, question it and have it checked out. If it was a false positive, you could learn from it, and your IT Company will appreciate that you're an active set of eyes on the security of the business (we love this!).

#3- If you're able to remote into your office and can say, "it's easy to remote in!".

This doesn't necessarily indicate you're being attacked right now, but it could tell you if you're vulnerable. Remoting into your office should be a bit of a hassle. Long, complex passwords, and getting locked out if you enter the wrong password a few times, are good things. You may also need a VPN connection active first, or have to enter a multi-factor token to connect. These are signs of a more secure remote access system.

You shouldn't be able to simply double-click on an icon and immediately have access to your desktop. If you have easy access, it's likely your easy access method is under attack 24/7 by automated attacks, and it's just a matter of time until you're staring at a ransom note. 
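What those automated attacks look like in a log, as an added example that is not part of the original post: the sketch below counts failed logons per source address in a sliding window and reports any account that logged on successfully from a flagged source. Event IDs 4625 (failed logon) and 4624 (successful logon) are the Windows Security log's own; the sample records, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, Security event ID, source IP, account).
# Addresses come from the reserved documentation ranges.
SAMPLE_EVENTS = [
    ("2020-06-01T02:14:%02d" % s, 4625, "203.0.113.50", "administrator")
    for s in range(0, 56, 8)  # 7 failed logons in under a minute
] + [
    ("2020-06-01T02:15:10", 4624, "203.0.113.50", "administrator"),  # a guess worked
    ("2020-06-01T08:01:00", 4625, "198.51.100.7", "jsmith"),         # staff typo
    ("2020-06-01T08:01:20", 4624, "198.51.100.7", "jsmith"),
]

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624


def find_guessing(events, max_failures=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for every source with more than
    max_failures failed logons inside the window. 'succeeded_as' lists
    accounts that later logged on successfully from that same source."""
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    findings = {}
    for ts, event_id, src, account in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if event_id == FAILED_LOGON:
            failures = recent[src]
            failures.append(when)
            # Forget failures that have aged out of the window.
            while when - failures[0] > window:
                failures.popleft()
            if len(failures) > max_failures:
                finding = findings.setdefault(
                    src, {"peak_failures": 0, "succeeded_as": []})
                finding["peak_failures"] = max(
                    finding["peak_failures"], len(failures))
        elif event_id == SUCCESSFUL_LOGON and src in findings:
            # A success right after a burst of failures is the alert that matters most.
            if account not in findings[src]["succeeded_as"]:
                findings[src]["succeeded_as"].append(account)
    return findings


if __name__ == "__main__":
    for src, finding in find_guessing(SAMPLE_EVENTS).items():
        print(src, finding)
```

A flagged source with a non-empty `succeeded_as` list is the case to hand to your IT Company immediately; the staff member who mistyped a password once is not flagged at all.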

If you identify any of these critical early signs of a ransomware attack at your business, what do you do? 

First, loop in your IT Company immediately so they can determine if this is a legitimate attack. If so, they should be able to head off the attack before it does too much damage. If the attack wasn’t headed off in time, we've written a full blog on what to do once you've received a ransom note, located here: What To Do If You Get CryptoLocker Ransomware Attacked.

How can you secure your business moving forward? 

  1. Work with a competent IT Company and engage them in an ongoing agreement that includes updating and monitoring the IT security fundamentals: Next-Gen Firewall, Endpoint Protection, Security updates for Windows and 3rd party applications. 
  2. Train your staff to be wary of any unknown links sent via email. Always have them verify with your IT team if links are safe to click. Better safe than sorry. 
  3. Enable two-factor authentication and require strong passwords across your network. When in doubt, update all passwords across the network. 

If your business needs assistance securing its network, please reach out to us.