How to beat Ransomware and how to install preventative measures that will keep your systems secure

You have no doubt heard about Ransomware, the latest in a long line of cyber threats to menace businesses. The risk is very real. Unless your business is prepared to meet the threat, dealing with a Ransomware attack can be a very costly and disruptive process, one that often involves days of lost productivity and hundreds if not thousands of pounds of remediation costs. It's impossible to completely prevent all such attacks, but by following some simple advice it is possible to reduce the likelihood of an attack succeeding and vastly reduce the impact if one does.


So, what is 'Ransomware' anyway?


Ransomware is the name given to a type of malware that denies you access to your data until you pay for access to be restored. It typically encrypts your data using military-grade encryption that is considered unbreakable by industry experts. Once the data is encrypted, the only ways to recover it are to pay for the decryption key or to restore the data from backup.


How does Ransomware get into my business?


There are lots of possible ways for Ransomware to get into a business, but by far the most common is through e-mail. The ransomware usually arrives either as an attachment to an e-mail or as a link embedded into the body of an e-mail message. In either case, when someone opens the attachment or link, the ransomware is activated and infects your network. Millions of such messages are sent out every day, often disguised to look like typical business communications from delivery firms, airlines, travel agencies, government bodies and many more - all intended to trick the unwary into opening the attachment and infecting their machine.


Less common but rising in frequency are instances where ransomware is distributed via otherwise legitimate websites, usually by placing a malicious advert onto the site. These take advantage of vulnerabilities in common web browsers to infect machines without any user interaction. So far this has made up a small percentage of ransomware infections but the number is rising as people become more wary of e-mails and attachments.


I have Anti-Virus, won't that stop it?


Anti-virus certainly helps, but the sheer amount of money being made by ransomware gangs means they have a very strong incentive to keep ahead of the anti-virus companies. Some variants of ransomware have been known to change up to 5 times a day as the authors continually tweak the code to avoid detection by anti-virus and mail filters. Preventing ransomware infections requires multi-layered defences and good staff training - there is no substitute for knowing what to look for!


What if I do get infected, what can be done?


A rapid response from your IT team is essential to minimise the damage. Frequently, access to network resources will be shut off while the damage is assessed. Sometimes, if the infection is caught and isolated quickly, all that needs to be done is to clean up the infected PC, but more often the corrupted data will need to be restored from backups. There is often some loss of data, but with a good backup strategy this can be minimised. Paying the ransom is the last resort - not only is it expensive and difficult to pay, but there is no guarantee that the criminals will in fact provide a working decryption key if you do.


What are the key things I can do to keep my business safe?


Invest in staff training.
The weakest link in any network's security is often the people using it. Train your staff in how to handle e-mail safely, what to look out for and how to respond if they suspect there might be a problem. Doing so can greatly reduce the risk of falling victim to ransomware or any other type of security breach.


Keep your systems up to date and retire old technology promptly
Many of the vulnerabilities exploited by ransomware authors are routinely patched. If you keep your systems and software up to date, you reduce the number of ways ransomware can infect your systems. Older, obsolete technology such as Windows XP and Windows Server 2003 no longer receives updates from Microsoft, but new security vulnerabilities continue to be discovered in it. This makes it especially vulnerable to ransomware and other security threats. These systems should be regarded as high-risk and replaced as quickly as possible.


Invest in a suitable backup system
Too often, many businesses see backup as a cost which is hard to justify - after all, you are paying for something you will (hopefully!) never need. This is a false economy. Should the worst happen and your business fall victim to a ransomware attack, the backup solution could be the only thing between you and bankruptcy!


Plan your response before the worst happens
If you do fall victim to a ransomware attack, having a well-developed, tested and practised response plan will greatly reduce the amount of time taken to identify and contain the threat. It will also reassure your staff and allow them to continue serving your customers while the incident is dealt with. Incident response should really be part of your business continuity plan and should be reviewed and tested at least annually.


Where can I get more information and help securing my business?


We are pleased to offer assistance to both our current clients and other organisations with all aspects of network security, disaster recovery and business continuity. If you'd like to talk to us about your particular needs, please call us and one of our team will be happy to help.


Suite 5, The Albus, Brook Street, Glasgow G40 3AP
Head Office : +44 (0) 141 280 2882