Tax professionals are not strangers to phishing scams, and one of the most malicious varieties has seen an uptick in activity. Today we’re wrapping up the final entry in our three part series about ransomware, which will cover what to do once you’ve become a victim of an attack.
When the WannaCry ransomware scheme popped up in May 2017, people around the world discovered an unfamiliar red screen after booting up their computer that contained the following line: “Ooops, your files have been encrypted!”
Victims were unable to access any files stored on their computer. Seemingly, their only recourse was to send $300 in bitcoins to a provided web address. Making matters worse, two countdown timers loomed menacingly on the left-hand side of the screen: one tracking the amount of time left before the ransom increased; the other showing how long until all files were permanently deleted.
What Should I Do After a Ransomware Attack?
If you were unfortunate enough to find yourself confronted with this screen, chances are you wondered what to do next.
First things first, literally pull the plug on your computer’s Internet connection.
In the June ransomware attack, the malicious software would spread to other computers on your network—even if those users didn’t mistakenly click on a link in a phishing email or popup window. After that, you’ll probably want to consult with a technology specialist.
According to Adam—one of our in-house IT specialists—the best response requires a bit of forward planning. “Depending on the type and severity of any virus infection, it may require formatting the computer and starting over,” he says. “In this situation, you need to keep a recent backup of all your files on an external hard drive, the cloud, or a similar service. Having a current backup makes the process much simpler.”
Depending on the frequency of your backups, you might lose some data. That being said, there’s a pretty big difference between losing a few days’ worth of work and having everything wiped out.
But what should you do if you didn’t make a backup of your files?
The short answer? You don’t have many options. And in the case of WannaCry, decrypting your files without an attacker-provided key may not be possible.
Should I Pay the Ransom?
The cybercriminals behind the May and June ransomware attacks didn’t always unlock victims’ files after receiving payment, and that’s the rub: there is no guarantee that complying with their demands will return your files. For a tax business storing very sensitive client tax information, that outcome can yield pretty disastrous results.
Unfortunately, “proactive” seems to be the word of the day. Keep your operating system and all applications up to date, run antivirus and anti-malware programs, and keep regular system backups. To do otherwise means rolling the dice, and the house almost always wins.