It is difficult to avoid the topic of Ransomware at the moment. In answer to a large number of questions from our customers we thought it would be useful to dispel some of the myths and misconceptions around this insidious cyber-crime that is affecting so many, from small businesses (and home users) to corporate enterprises.
What is Ransomware?
Ransomware is a form of malware (Malicious Software) which targets your critical data and systems with the sole purpose of extorting money by preventing any access to your data and systems. Once the data or system has been rendered totally inaccessible by the cyber-criminals the victim will receive a demand for payment in return for an avenue that will provide the victim with a supposed unlocking solution to access to the data.
Why is Ransomware so effective?
Once infected by ransomware, files on your PC or the network are encrypted and important business documents, customer information and databases are inaccessible. The level of encryption can vary but is usually of a very high standard. Once your files are encrypted you will be prompted to pay for the key to unlock your files and gain access to your own company information. Ransomware also borrows from another form of malware, called scareware and you will see a countdown to create a sense of urgency and intimidate you into making a snap decision and pay.
What can I do to prevent a cyber-attack by Ransomware?
The risk of financial loss and damage to a business’s reputation are very real. Prevention is always preferable as a cure is often not available, especially as the level of encryption can be as sophisticated as that used by financial institutions to protect payments made by their customers. As a result, sometimes making the recovery of crucial company information not only complicated but often in the worst case scenario impossible.
The following are first line recommendations to protect your businesses’ crucial information and avoid devastating disruption to your company`s ability to trade and a subsequent malicious ransom demand.
It is therefore cheaper to focus on prevention than pay for the consequences. When company devices are not protected (and employees lack the relevant awareness training) it is highly likely in the event of a ransom infection that valuable data stored on company devices and subsequently discs connected to them via networks will be lost forever.
- Back up data regularly. Having a regularly updated backup regime is one of the best ways to defeat a ransomware attack before it can start it`s malicious activity. As malware can encrypt drives that are mapped and have been assigned a drive letter and sometimes even drives such as network and cloud file files and USB thumb drives ideally utilising a backup using an off-site, offline device for storing the backup files.
- Patch and update your software regularly. Businesses can significantly reduce the risk of malicious activity by having a policy of updating company software and devices as often as possible. Malware authors frequently prey on companies running outdated software with known vulnerabilities which they can take advantage of and silently Access Company software and devices. Enabling automatic updates to software will offer maximum protection.
- Pay attention to employee’s security training. Cyber-criminals commonly use methods of duping employees into opening and running executable files (called social engineering) often claiming to be tracking information (FedEx or UPS) or an internal company email (example) Training employees to be aware of the risks and not to open any unknown or suspicious email attachments, links or files and issuing regular reminders can reduce the risk of an attack.
- Use a reputable Security Suite. Malware is constantly evolving as malware authors are frequently writing new variants to avoid detection and so it is important to have multi-layered levels of protection provided by a new generation of Security Suite. Should a new ransomware variant get passed any anti-malware software it may still be detected and blocked when it attempts to communicate with its Command and Control (C&C) server to receive instructions for encrypting files.
To learn how our Proactive IT Support Service can automatically protect your business Call us on 01204 221101