Stories about ransomware continue to dominate the headlines with each new attack appearing bigger and more destructive than the last. It is a business’s worst nightmare. A study by Cybersecurity Insiders found that organizations view ransomware as an “extreme” threat and are bracing for the next ransomware attack. IT and security teams are only moderately confident when it comes to ransomware with a staggering 80% of critical infrastructure organisations experienced a ransomware attack over the last 12 months
Cybercriminals use classic social engineering techniques such as phishing emails and email attachments luring users to visit malicious or compromised websites to get their ransomware in to your organisation.
With this all gaining increased attention, we spoke to Sonny Sehgal, Transputec’ s CEO and resident Cyber Security Specialist to better understand how and what organisations can do to protect themselves from this growing problem.
1. What is ransomware?
“Ransomware is a cyber-attack that effectively holds your systems hostage, locking them via a malicious program (malware) until a ransom is paid to the hacker. It’s generally installed remotely completely undetected and encrypts either specific files or the whole network.
The really frightening thing about a ransomware attack is not only that the hacker has complete remote control over your system but that, once the malware is infiltrated, it can easily spread to other devices or applications on a connected network. This means that entire companies can be shut down in an instant and the only way to unlock them is to bow to the demands of a criminal or recover from a backup, if your backup also has not been encrypted.”
2. How to prevent ransomware attacks for a business?
“The first step I recommend in protecting your company from ransomware is understanding how and why it begins. It may start with a phishing email which acts as bait. This email will typically contain a malicious file often disguised as a standard PDF or DOC file and once this file has been downloaded and opened to the host’s computer, it acts as a backdoor into the system for the hacker.
Ransomware attacks are not necessarily instant, they can be prepared in advance and activated at any time and hackers are normally inside an organisation’s environment for quite a long period before any encryption takes place. They normally use this time to exfiltrate critical and valuable data. Once the hackers have the data, the program starts encrypting files on the host system so that the user has no access to their own system. A notification will then be displayed on the screen where the hacker will list their ransom demands.
It’s a potentially devastating problem that can cripple a company in a matter of hours and the reputational risk cannot be overstated. Organisations can see trust erode among key stakeholder groups, lose loyal customers and partners, and face intense regulatory scrutiny.”
3. How to avoid ransomware attacks and protect your business from it?
“There’s no definitive silver bullet, of course, but by taking a multi-layered approach to your IT security you can at least give yourself a strong chance.
Backup your data – In the event of an attack, up-to-date backups are the most effective way of recovering from a ransomware attack. Reverting to a recent backup will at least be enable you to claw back some of what was taken, ensuring off course that no malware is contained in the restored backups. Ensure you create air-gapped backups that are kept separate, and that backups are only connected to known clean devices before starting recovery. And don’t forget to scan backups for malware before you restore files. Ransomware may have infiltrated your network over a period of time, and replicated to backups before being discovered.
Update software – Many ransomware attacks (for example the notorious WannaCry virus relied on unpatched systems) originate in unpatched software. As a result, it is vital that organisations keep all software as up to date as possible. Keeping your software regularly updated is of paramount importance. As hackers devise increasingly devious ways to exploit vulnerabilities in our systems, software vendors continue to seek out these vulnerabilities themselves and patch them in software updates.
Staff training – I cannot stress this enough. Over 85% of attacks begin with the so-called “human factor” whether that is employee negligence or pure ignorance. Negligence is harder to protect against but ignorance can be addressed by training employees; letting them know what to look for and what signs to avoid.
Invest in a more robust security solution – Threat detection software detects and resolves many ransomware attacks before they can do any lasting damage. The best software security solutions will include multiple layers of protection and multi-factor authentication protocols that force users to identify themselves in multiple ways before they’re granted system access. Specific anti-ransomware solutions are also available to monitor programs for suspicious behaviour if you’re particularly worried.”
3. Should an organisation pay the ransom?
“It might seem like the only logical option at the time and the best way to get out of the situation as quickly as possible but there’s no guarantees when you are at this point. They might ask for more money and it will only embolden them to continue committing the same crime against other victims. Law enforcement does not encourage, endorse, nor condone the payment of ransom demands but attackers will also threaten to publish data if payment is not made.
To counter this, organisations should take measures to minimise the impact of data exfiltration. The NCSC’s guidance on protecting bulk personal data and logging and protective monitoring guidance can help with this.
No one expects to be hacked until it happens, so I would suggest to bolster your IT defences with a robust, secure and resilient solution. And remember that even immediately after an attack criminal can be known to return for a second attempt within 12 months.”
Need to review, upgrade, or implement a ransomware defence system? Contact us at Transputec for a free, no obligations consultation to discover how we can help you protect yourself against ransomware