You have no doubt heard about Ransomware, the latest in a long line of cyber threats to menace businesses. The risk is very real. Unless your business is prepared to meet the threat, dealing with a Ransomware attack can be a very costly and disruptive process, one that often involves days of lost productivity and hundreds if not thousands of pounds of remediation costs. It's impossible to completely prevent all such attacks but by following some simple advice it is possible to reduce the likelihood of an attack being successful and vastly reduce the impact if one is.
Ransomware is the name given to a type of malware that denies you access to your data until you pay for access to be restored. It typically encrypts your data using military-grade encryption that is considered unbreakable by industry experts. Once the data is encrypted, the only way to recover it is to either pay for the decryption key or restore the data from backup.
There are lots of possible ways for Ransomware to get into a business, but by far the most common is through e-mail. The ransomware usually arrives either as an attachment to an e-mail or as a link embedded into the body of an e-mail message. In either case, when someone opens the attachment or link, the ransomware is activated and infects your network. Millions of such messages are sent out every day, often disguised to look like typical business communications from delivery firms, airlines, travel agencies, government bodies and many more - all intended to trick the unwary into opening the attachment and infecting their machine.
Less common but rising in frequency are instances where ransomware is distributed via otherwise legitimate websites, usually by placing a malicious advert onto the site. These take advantage of vulnerabilities in common web browsers to infect machines without any user interaction. So far this has made up a small percentage of ransomware infections but the number is rising as people become more wary of e-mails and attachments.
Anti-virus certainly helps but the sheer amount of money being made by ransomware gangs means they have a very strong incentive to keep ahead of the antivirus companies. Some variants of ransomware have been known to change up to 5 times a day as the authors continually tweak the code to avoid detection by anti-virus and mail filters. Preventing ransomware infections requires multi-layered defences and good staff training - there is no substitute for knowing what to look for!