Ransomware is one of the biggest cyber threats facing businesses today. These attacks have had a lot of prominence in the media, leading organisations to question their own state of security and reassess their risk.
Ransomware is a malicious piece of software, or malware, that bad actors use to infect systems and block user access to files and other important data by encrypting them. A large sum of money (the ransom) is then demanded in order to regain that access.
Ransomware can get into your computer in a number of ways such as:
Ransomware attacks can seriously impact an organisation and, although businesses are frequently told not to pay the ransom, many do so because they are concerned about operational downtime and the loss of data. Ransom payments can be significant: in 2021, for example, global meat processing company JBS paid an $11m ransom.
In general, it’s always best to avoid any sort of exchange with hackers and just focus on following your disaster recovery plan. It’s worth noting that companies often pay the ransom and the hackers still don’t release their data.
As long as ransomware hackers continue to get paid, ransomware will remain a threat, but the cost of losing data is so concerning for some businesses that they see no other option than to pay.
Of course, the best solution is to ensure you have the appropriate measures in place to protect against malware in the first place. Limiting the chance of an attack being successful by implementing good cyber security policies and processes is something every company can do more of in order to avoid the repercussions of ransomware.
What would you do if your data gets encrypted and held for ransom by hackers?
One of the biggest concerns in a ransomware attack is losing access to your data, so the best action your company can take is to back up that data regularly.
You should create a few backups of important data, including one that is offline and off-site or in a cloud service, which is a popular option for businesses.
This is important because if malware infects your systems, it can spread throughout your network, potentially damaging any backups stored within it. By using a variety of backup solutions and creating multiple copies, you ensure that you’ll always have a clean copy of your data.
You should also test the restoration process regularly to make sure backups restore smoothly. Don’t forget to scan them for malware beforehand!
With human error the number one cause behind cyber attacks, offering cyber security awareness training to employees is essential.
Helping your workforce know how to spot signs of ransomware can help protect your organisation against such attacks.
Often malware enters systems via a malicious email. These social engineering attacks are more sophisticated than ever, so it takes an extra cautious eye to spot something phishy.
Employees should always be hesitant about opening links and attachments, whether the sender appears to be someone they know or not.
Checking the email domain is legit and hovering your mouse over links to check the URL are quick ways to double check if you’re suspicious. It may seem like a pain, but these additional checks could make all the difference.
As previously mentioned, malware can extend its reach by spreading to other devices on a network. But there are things you can do to prevent this from happening.
Network services such as mail filtering, which helps spot phishing emails, and internet security gateways, which inspect web requests and identify malware, can help you take control and be more secure as an organisation.
Web browsers and search engines have continually updated safe browsing lists which keep track of harmful websites, preventing access to them.
Hackers might also try to gain remote access to a device on your company’s network via Remote Desktop Protocol (RDP) using an employee’s leaked credentials, for example. They can then download malware straight onto the machine.
The best way to fight back against these methods is to strengthen user authentication measures. Enabling multi-factor authentication at all remote access points will make it much harder for an attacker to breach your network. Regularly reviewing and removing any unnecessary user permissions is also good practice.
Out-of-date or end-of-life software is a huge security risk, as hackers will often study the vulnerabilities revealed by the latest security patches and use them to target companies that have not brought their software up to date.
End-of-life software, i.e. software no longer supported by the developer, should be removed so bad actors cannot take advantage of this vulnerability.
Poorly patched devices were largely to blame for the severity of the WannaCry attack in 2017. Many of the affected Windows computers were not patched with the latest security update from Microsoft, allowing the malware to spread rapidly. It’s estimated that there were around $4bn in financial losses.
As techniques and technology evolve, bad actors will still find ways to bypass the security measures you implement, so it’s always important to be prepared for a ransomware attack.
Prevention is always the preferable approach to security, but if you’ve already been attacked it’s helpful to know what your immediate actions should be to get you out of the woods.
By aligning your security with the five critical controls of the Cyber Essentials standard, you can reduce your risk of being attacked by up to 80%. These controls cover key measures for preventing ransomware, including patching devices, managing access privileges and improving password health.
To find out more about the scheme and its benefits, download our Ultimate Guide to Cyber Essentials.