Skip to Main Content
A young female security specialist on call consults the digital screen in front of her.

Ransomware is on the rise – here’s how you can prepare

Visual scenario: Your company is the target of a ransomware attack. What do you do? Alt text: A set of images depicting the events that take place as a company called Buy More which is based in the Middle East and Africa is hit by a ransomware attack. The visual series begins with the headline: Your company is the target of a ransomware attack – what do you do? The first scene is an establishing shot of the Buy More offices. We then see Sarah at her desk on the phone. The day before Black Friday, Sarah starts receiving concerning calls from her colleagues. The customer service team is phoning to say products are disappearing from customers’ online shopping carts. We then see an image of a malfunctioning card machine as we’re told store managers are reporting that in-store customers are having challenges using their credit cards. Sarah flags the problem with the company CTO. What should the CTO do? A: Continue trying to solve the problem B: Escalate the problem to the CEO Next, we’re told the CTO has escalated the situation to the CEO, who asks to be kept updated, but now just 13 hours to Black Friday the situation goes from bad to worse. Images of angry Twitter posts show that Buy More has become a trending topic on Twitter, and company leaders realize they’ve been hit by a ransomware attack. In just 30 minutes the number of branches affected jumps from 12 to 25. Every hour without sales is money lost. This is depicted by a map of the company’s stores which have red exclamation marks above them. While the CEO orders reports on financial losses, the team gets a ransomware note from a known hacker. We now see an image of a sinister looking note that’s popped up on a computer screen. It reads: Your company data has been encrypted. Contact me through the below link to retrieve it. The company’s legal team advises not to contact the hacker, but the team is worried about further financial loss. What should they do? A: Contact the hacker using the link B: Ignore the message and try to mitigate the attack Entering the link, the team is met with a distorted robotic voice advising them the hacker has all of their customer data – names, addresses and identification and credit card numbers. We now see an image of a computer screen with a menacing notice indicating to the shopper that the Buy More website is down. Unless Buy More pays $10 million in bitcoin, the hacker threatens chaos on Black Friday. Images of multiple phones ringing in an office with spiky speech bubbles emanating from them indicate people are phoning Sarah. With the website now down completely, journalists call for comment. Brand reputation is now at stake. One hour to Black Friday, the CFO suggests paying the ransom to secure Black Friday sales and offset the damage. This is depicted by an image of a clock registering one hour to midnight with a ticking time bomb strapped behind it. The financial losses could be crippling if the ransom isn’t paid. But there’s no guarantee the hacker will return the stolen data if it is paid. What should the CEO do? A: Pay the ransom B: Not pay the ransom A new set of images begins under the headline: How the story should have begun It’s now six months before Black Friday. Having noted the increasing number of ransomware attacks on businesses in the region, Buy More’s IT Manager, Sarah gets the company’s IT, security and business teams together. We see a diverse team of executives around a boardroom table in the Buy More offices. They discuss which business-critical systems are most important and immediately begin regular backups of those systems. Understanding attackers will deliberately target backups, Sarah suggests they move their data to the cloud to benefit from automatic backups. Some backups are also isolated offline. This is depicted by an image of Sarah with a light bulb/idea above her head. Sarah knows that cloud providers like Microsoft Azure have tools to help businesses restore backups faster and can protect systems required for recovery. This is depicted by an image of a computer screen, registering a backup process loading. As an extra precaution the security team ensures online backups can only be modified or erased using multi-factor authentication. Now we see an image of a mobile phone screen asking for a password. We then see an image of an IT technician working behind a computer. Other team members stand alongside him, consulting with him as he works. This is to depict how over the following months, the team simulates how they would respond in the case of an attack, ensuring they can rapidly bring critical business operations online from zero functionality. Finally, it’s once again the morning before Black Friday and Sarah is calmly enjoying her morning cup of coffee. We again see Sarah at her desk on the phone as the customer service team calls to say products are disappearing from customers’ online shopping carts. We again see an image of a credit card machine with an error sign on the screen as we’re told the store managers have come with reports that in-store customers are having challenges using their credit cards. But Sarah calmly runs a full antivirus scan on all computers and devices she now suspects have been hit by ransomware. She suggests managers offer customers some discount coupons while they wait. Here we see an image of a computer screen with a Microsoft security update running front and center. In front of the computer is a nice steaming mug of coffee. We then see the image of the same map of Buy More’s stores from earlier, but the red exclamation marks are turning to green ticks. This is to show that Sarah has detected and removed the associated payload and is beginning to restore all business-critical systems. Finally, we see an image of a confused hacker sitting behind his computer with a question mark above his head. The closing text suggests that luckily, now the only person having a blue black Friday is the hacker.

Visual scenario: Your company is the target of a ransomware attack. What do you do? Alt text: A set of images depicting the events that take place as a company called Buy More which is based in the Middle East and Africa is hit by a ransomware attack. The visual series begins with the headline: Your company is the target of a ransomware attack – what do you do? The first scene is an establishing shot of the Buy More offices. We then see Sarah at her desk on the phone. The day before Black Friday, Sarah starts receiving concerning calls from her colleagues. The customer service team is phoning to say products are disappearing from customers’ online shopping carts. We then see an image of a malfunctioning card machine as we’re told store managers are reporting that in-store customers are having challenges using their credit cards. Sarah flags the problem with the company CTO. What should the CTO do? A: Continue trying to solve the problem B: Escalate the problem to the CEO Next, we’re told the CTO has escalated the situation to the CEO, who asks to be kept updated, but now just 13 hours to Black Friday the situation goes from bad to worse. Images of angry Twitter posts show that Buy More has become a trending topic on Twitter, and company leaders realize they’ve been hit by a ransomware attack. In just 30 minutes the number of branches affected jumps from 12 to 25. Every hour without sales is money lost. This is depicted by a map of the company’s stores which have red exclamation marks above them. While the CEO orders reports on financial losses, the team gets a ransomware note from a known hacker. We now see an image of a sinister looking note that’s popped up on a computer screen. It reads: Your company data has been encrypted. Contact me through the below link to retrieve it. The company’s legal team advises not to contact the hacker, but the team is worried about further financial loss. What should they do? A: Contact the hacker using the link B: Ignore the message and try to mitigate the attack Entering the link, the team is met with a distorted robotic voice advising them the hacker has all of their customer data – names, addresses and identification and credit card numbers. We now see an image of a computer screen with a menacing notice indicating to the shopper that the Buy More website is down. Unless Buy More pays $10 million in bitcoin, the hacker threatens chaos on Black Friday. Images of multiple phones ringing in an office with spiky speech bubbles emanating from them indicate people are phoning Sarah. With the website now down completely, journalists call for comment. Brand reputation is now at stake. One hour to Black Friday, the CFO suggests paying the ransom to secure Black Friday sales and offset the damage. This is depicted by an image of a clock registering one hour to midnight with a ticking time bomb strapped behind it. The financial losses could be crippling if the ransom isn’t paid. But there’s no guarantee the hacker will return the stolen data if it is paid. What should the CEO do? A: Pay the ransom B: Not pay the ransom A new set of images begins under the headline: How the story should have begun It’s now six months before Black Friday. Having noted the increasing number of ransomware attacks on businesses in the region, Buy More’s IT Manager, Sarah gets the company’s IT, security and business teams together. We see a diverse team of executives around a boardroom table in the Buy More offices. They discuss which business-critical systems are most important and immediately begin regular backups of those systems. Understanding attackers will deliberately target backups, Sarah suggests they move their data to the cloud to benefit from automatic backups. Some backups are also isolated offline. This is depicted by an image of Sarah with a light bulb/idea above her head. Sarah knows that cloud providers like Microsoft Azure have tools to help businesses restore backups faster and can protect systems required for recovery. This is depicted by an image of a computer screen, registering a backup process loading. As an extra precaution the security team ensures online backups can only be modified or erased using multi-factor authentication. Now we see an image of a mobile phone screen asking for a password. We then see an image of an IT technician working behind a computer. Other team members stand alongside him, consulting with him as he works. This is to depict how over the following months, the team simulates how they would respond in the case of an attack, ensuring they can rapidly bring critical business operations online from zero functionality. Finally, it’s once again the morning before Black Friday and Sarah is calmly enjoying her morning cup of coffee. We again see Sarah at her desk on the phone as the customer service team calls to say products are disappearing from customers’ online shopping carts. We again see an image of a credit card machine with an error sign on the screen as we’re told the store managers have come with reports that in-store customers are having challenges using their credit cards. But Sarah calmly runs a full antivirus scan on all computers and devices she now suspects have been hit by ransomware. She suggests managers offer customers some discount coupons while they wait. Here we see an image of a computer screen with a Microsoft security update running front and center. In front of the computer is a nice steaming mug of coffee. We then see the image of the same map of Buy More’s stores from earlier, but the red exclamation marks are turning to green ticks. This is to show that Sarah has detected and removed the associated payload and is beginning to restore all business-critical systems. Finally, we see an image of a confused hacker sitting behind his computer with a question mark above his head. The closing text suggests that luckily, now the only person having a blue black Friday is the hacker.

The best way to mitigate against ransomware attacks is to ensure your organization has a viable alternative to paying the ransom. Paying the ransom isn’t as simple as it may seem, and there is a lot of uncertainty around how well paying the ransom will work. To avoid being forced into payment, the most immediate and effective action you can take is to make sure your company can restore your entire enterprise from immutable storage, which neither the attacker nor you can modify.

Find out more about preparing for a ransomware attack.