The US Federal Trade Commission has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology.
The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.
Businesses hit by a ransomware attack should limit the damage by isolating compromised devices from the rest of the network, report the attack to the authorities, and notify their customers if any data was stolen before the systems were encrypted.
The FTC also provides a detailed guide with all the steps businesses have to take to respond to a ransomware attack effectively.
Last month, the Treasury Department’s Financial Crimes Enforcement Network has revealed the actual scale of financial losses suffered by ransomware targets lately by linking almost $5.2 billion in outgoing BTC transactions to ransomware payments.
FinCEN’s analysis is derived from Suspicious Activity Reports linked to ransomware incidents and filed by US financial institutions this year, between January 2021 and June 2021, as required by the Bank Secrecy Act.