A ransomware attack hit large companies across Europe and the U.S., spreading through 65 countries in two days. The "Petya" virus, which encrypts a machine's files, demands ransom, and spreads to other machines throughout a company's network, has affected pharmaceutical giant Merck, international law firm DLA Piper, Danish shipping and transport firm Maersk, and Ukraine's Chernobyl power plant.
Petya, or any cyberattack, can cripple a business that is not prepared, says Kevin Epstein, vice president of threat operations at cybersecurity firm Proofpoint. The first 30 minutes are crucial during any attack, he says.
Epstein says there are six steps every company should take to limit damage from a virus or ransomware attack.
1. Alert your IT department and do not make any rash decisions.
"Don't panic is the first step," he says. "Too often, people take extreme action--ripping out the computer plug, paying the ransom right away. Stay calm; you have time."
Epstein says international law enforcement and white hat hackers usually disable or disrupt widespread attacks within a day or two, so do not pay the ransom.
"The authorities shut down WannaCry's ability to collect ransom in 24 hours," says Epstein. "Petya's email service provider eliminated their method of payment in four hours."
He also says many hackers will not decrypt your files after being paid, so hang tight.
2. Isolate your computer. Remove the Ethernet cable or disconnect from Wi-Fi, and pull any attached storage drives.
"It's like a flu patient--if you leave someone with a fever coughing and sneezing for eight hours in an enclosed space, people will get sick," says Epstein.
He says most cyberattacks spread from computer to computer, so make sure your computer is not connected to the company's network.
3. Keep your computer on.
"Do not turn your computer off," says Epstein. "If you turn off your machine, you could end up removing evidence of the crime, removing critical files you could've used to decrypt, or it might not ever turn back on."
4. Collect the evidence so IT can start working on the response, so law enforcement can file a report, and so your company can file an insurance claim.
"Take a picture of the ransomware message screen," says Epstein.
5. Go find your backup.
"The best way to deal with ransomware is to wipe the hard drive and reboot from your backup hard drive in the cloud or a local drive," says Epstein. "Your IT professional should be taking it from here. If you don't have a backup, it could be a big problem. There are cases, especially for small businesses, where businesses do not have backups and it becomes a terminal event."
6. Review your security protocols.
"Surviving a cyberattack requires prevention, detection, and recovery," says Epstein. "Make sure you keep your machine's software updated, and make sure all vulnerability patches are up-to-date."
He says 99 percent of all cyberattacks are launched via email, so you need to have a modern email security system that tracks the behavior of email attachments and URLs.
Epstein says you need to get used to cyberattacks, and you need to educate your employees.
"This is not a fad. This is the state of affairs, and malware and ransomware are here to stay," says Epstein. "In the physical world, we lock our doors, we get flu vaccinations, and move on. We do not panic. That is how you need to respond to cyberattacks."