Malware attacks are increasingly common, especially against small and medium-sized businesses (SMBs). In fact, according to a 2023 report by the Cybersecurity & Infrastructure Security Agency (CISA), 43% of cyberattacks target SMBs.
The good news is that, with the right security measures, these attacks are preventable. Plus, even if your business is hit by malware, there are steps you can take to minimise the damage.
However, time is of the essence in case of an attack, so you must act quickly and decisively. Once you realise (or suspect) one of your devices is infected, it’s crucial that you follow the right procedures.
Moving forward, we’ll guide you through the key steps to keep your data safe and avoid the devastating consequences of a breach. As a bonus, we have a few preventive measures that will make it harder for ill-intended actors to breach your defences in the future.
What is Malware?
Malware, short for malicious software, refers to any software intentionally designed to disrupt, damage, or gain unauthorised access to computer systems.
Cybercriminals use malware to steal sensitive information (financial information, intellectual property, medical records, personal identifiable information, and so on), encrypt or delete data, spy on users’ activities, and even take control of entire systems without the user’s knowledge or consent.
While there are many types of malware out there, these are some of the most common ones:
- Ransomware: Ransomware encrypts a user’s data, rendering it inaccessible until a ransom is paid. Even after paying, there’s no guarantee that access to the data will be restored.
- Viruses: A virus is malicious code that attaches itself to legitimate programs or files and spreads when the infected program is executed. It can corrupt or delete data and, in some cases, make systems inoperable.
- Trojans: Named after the legendary Trojan horse, these bits of malicious software disguise themselves as legitimate software. Once installed, they can create backdoors for cybercriminals, steal data, or facilitate other types of malware.
- Spyware: Spyware secretly monitors user activities, collecting information such as passwords, credit card numbers, and browsing habits.
- Adware: Adware automatically delivers unwanted advertisements to users. While often more annoying than harmful, it can also be bundled with spyware or redirect users to malicious websites.
- Worms: Unlike viruses, worms are standalone malware that replicate themselves to spread across networks. They exploit vulnerabilities in software or operating systems, often leading to widespread damage.
- Fileless Malware: Unlike traditional malware, fileless malware doesn’t rely on files or software installations to infect a system. Instead, it exploits existing software, applications, and system processes, making it harder to detect since it leaves no obvious trace on the hard drive. Fileless malware often resides in the computer’s memory and uses legitimate system tools to execute malicious activities.
Each type of malware has its own method of spreading, objectives, and potential damage. However, if you’re not a cybersecurity specialist, it can be difficult to know what hit you in case of an attack.
Luckily, the steps to stop an attack from spreading further into your network are easy to understand and follow.
Steps to Follow if You’re Infected
When there’s confirmation that one or more devices have been infected by malware, most people panic, and the first move is to format or reinstall the infected unit(s). While it might seem like a straightforward move, this is a mistake because it overlooks deeper issues.
At this stage, you don’t know what the malware has done to your network and other devices. The malicious software might have spread across the network or could have created hidden gateways for cybercriminals.
So, the first step is to resist your first instinct to wipe the device clean by formatting and reinstalling. If you wipe the computer immediately, you might destroy valuable clues about how the malware operates and how far it has spread.
So, keep calm and take the essential first steps to minimise damage:
1. Disconnect and Power Down
- Immediately disconnect the affected computer(s) from your network. Turn off the wireless connections and unplug any network cables. This allows you to isolate the problem.
- Disconnect external storage devices. Many forms of malware also try to corrupt your external storage devices, so quickly remove your external hard drives or thumb drives to ensure they’ll stay clean.
- Power Off, but only as the last option! Switch off the computer(s) to prevent further spread or data leakage, but only if the malware is actively encrypting all the data and you aren’t able to understand the operations it is performing.
2. Consult a Specialist
Now that you have managed to isolate the problem, the next step is to consult with a certified malware analysis specialist. These professionals, like OSH’s head of security, Max, are certified in malware analysis and can guide you through recovery.
So, if you call us, Max will examine the specific malware that wiggled its way into your network, understand its mechanisms, and guide you on how to reverse the damage effectively and securely.
How to Prevent Malware in the First Place
While no security system is 100% guaranteed, having the right measures in place makes it a lot more challenging for ill-intended actors to gain access to your data. Plus, most are looking for easy targets, so there’s a good chance they’ll give up after the first few attempts.
The best way to make sure you have all the necessary measures in place is to adhere to recognised security frameworks like Essential 8 or ISO 27001. Still, these standards can be too much for SMBs, so it’s best to start with SMB1001 Gold.
Additionally, it’s essential to restrict privileges for those who use your business’s network. Not everyone in your team needs administrative privileges on their work devices. Also, keep an eye on who can access which files in your database.
Malware often needs administrative privileges to install itself. By restricting access, even if malicious software infects one unit in your network, it won’t be able to spread further.
Don’t Wait Until Malware Finds You!
With how widespread cyberattacks are nowadays, it’s only a matter of time before your defences will be tested.
What will happen then? Will your security systems pass the test?
If you haven’t yet taken the steps to achieve at least the SMB1001 certification level, now is the time to act! We recently got our SMB1001 Gold certification and helped several of our clients get theirs, so our team of well-trained specialists has the hands-on experience needed to guide you through the process.