Ransomware: 5 Important Training Topics for Employees

Ransomware attacks happen all the time to small and large businesses. What do your employees know about ransomware? Do they know what to look for and what to do if they suspect ransomware has infected their computer?

Your company needs ransomware training for all employees. This article will detail the key points to include: types of scams, signs you have ransomware, what to do if you have ransomware, what to do if you’re working remotely and prevention tips.

What is ransomware?

Ransomware is a type of cyberattack where cybercriminals hold your files hostage until you pay the ransom. They encrypt your files and (might) send the encryption key after payment is received. Ransomware is widespread and not just something large organizations deal with. Companies of any size need to be aware of ransomware, common tactics, and prevention tips.

Ransomware is popular, because it works! 

And it’s costly too! According to Beazley Breach Response (BBR) services, 71% of ransomware attacks targeted small businesses, after looking at 3,300 incidents in 2018. They found the average ransom demand was $116,324, and the median was $10,310. But it’s not just the ransom that is costly. Think about:

• Restoring or replacing data and equipment
• Loss of income during ransomware disruption
• Reputation damage
• Costs for IT and Cybersecurity expertise
• Employee training
• Even if you pay the ransom, there is no guarantee the hackers will provide the encryption key

Organizations of all sizes need to be aware of ransomware and at least have an awareness training program for employees. 

Ransomware awareness training for employees

Companies need to train all of their employees about ransomware. There are 5 major areas to discuss:

1. Types of ransomware and scams
2. Signs you have ransomware
3. If you have ransomware
4. If you are working remotely and have ransomware
5. Ransomware prevention tips

We’ll explore each of these five points below.

1) Types of ransomware and scams

There are many types of scams that can lead to ransomware. Your employees don’t need to keep current on all cybersecurity topics, but being aware of new scams (and yes, they are constantly evolving) is critical. 

Your employees should have an awareness of the common types of scams:

• Phishing: generic emails pretending to be from reputable companies in order to trick you into clicking a link or opening a file. Do you know our favorite phishing tip?
• Whaling/CEO Fraud: phishing attacks targeted at senior executives with the goal of stealing money, sensitive information or accessing company systems
• Spear phishing: phishing emails targeted at a specific individual to steal data or install malware
• Social engineering techniques: hackers are taking the time to scour company websites and social networking sites like Linkedin or Facebook, to find information to make their emails look legitimate

Here’s a common ‘ransomware’ scam: you get an email or an ad on a website that claims it's ransomware, but it's probably not. CALL (don't email) your IT team just to be sure. Most commonly it's these types of sextortion scams. They can be safely ignored. If they tell you your password, then you should change that password.

It’s important for employees to know to never open an email attachment or click on an email link unless they’re absolutely certain it’s safe to do so. Hackers know how to make an email look like it’s from someone you know or a reputable group. 

2) Signs you have ransomware

So how do you know your machine is infected with ransomware? There are a few common methods to be aware of:

• The obvious one - a message pops up on your screen telling you you have ransomware
• Weird files show up on your computer
• You try to access a file that you normally can access, and it's locked
• A file shows up on your computer with a ransomware name in it
• Locked web browser
• Scrambled file contents - mixed up file names and file contents that are indecipherable
• Unexpected software: AngryIP, Advanced Port Scanner, GMER, PC Hunter - most of which are legitimate tools but can be suspicious.

3) If you have ransomware

So you or your employees have ransomware. What do you do? 

• Disconnect your computer from the network. If you have an Ethernet cable, yank it out. If you use wifi, either turn off the wifi on your computer (e.g., airplane mode) or shut down the whole wifi system. This is the FIRST thing you should do, to prevent the ransomware from spreading.
• DO NOT turn your computer off, and try to keep it from going to sleep. Important evidence will get destroyed if you do that.  
• Call your IT team. Don't email. This is urgent.  
• Be prepared to not have access to your computer for a period of time. Your IT team will likely need to come and collect it.

4) If you are working remotely and have ransomware

Lots of employees are working from home due to COVID-19. What should you do if you’re working from home and find ransomware on your computer? 

• Follow the same steps -- disconnect your computer from the network, leave it powered on.
• If your work computer is on the same network as your personal computers, there's a chance that ransomware could have spread to your personal computers.  
• Call an IT company and ask for their help on what to do next.

5) Ransomware prevention tips

• Frequent scheduled backups: if you can restore your data there is no reason to pay a ransom.
• Keep software and systems updated: hackers exploit computer vulnerabilities. Protect yourself and your company by keeping your software updated.
• Train employees
• Require strong passwords and multi-factor authentication (MFA) as much as you can

Ransomware Playbook

We recommend that firms of all sizes should spend some time planning what they will do if they’re hit with ransomware. This specific plan for ransomware is called a ‘ransomware playbook’. Our article details 31 points to include in your ransomware playbook.

Conclusion

Ransomware is popular. Hackers will continue to use these tactics because they work! Whether you have a large or small organization, it is critical for your employees to know about ransomware. They need to know how to prevent it, how to look for it, and how to address it. Education is key when it comes to ransomware prevention.

How Adelia Risk can help

We’re cybersecurity experts who actually help! 

If you need help with your Ransomware Training or Cybersecurity in general, contact us!