What is Ransomware?
Ransomware is a type of malware or virus that will usually encrypt your data so that you cannot access it, or threaten to make it public. You are then offered a decryption key in exchange for a large payment, usually in the form of a digital currency such as Bitcoin.
You’ve probably heard of some famous cases over the last year, including:
- Kaseya – and thousands of their customers
- Colonial Oil pipeline
What can I do to protect myself from Ransomware?
Protect your email
Most ransomware attacks begin with phishing emails, where an attacker hides the malware in an attachment posing as an invoice or other file. Ensure your email is protected by a quality spam filter that can detect these types of emails and that scans your emails for viruses. Employees should know to look out for phishing emails and never open something they are unsure of.
Your business should have a clearly defined, enforceable security policy. The most obvious place to begin is passwords. Ensure your password is a good one that only you know; your dog's name or your favourite football team is not a good password.
Restrict access to only those who require it. Not every employee requires admin access or the ability to install programs. Only provide access on a needs basis. If you require admin access, have a separate account for it, and use a non-admin account as your primary account.
2FA (two-factor authentication)
2FA is a secondary method of authentication, usually in the form of an SMS or a push notification to a mobile device. Use 2FA on your company VPN, servers, and other critical infrastructure.
Those pesky Windows updates are there for a reason! Each month Microsoft (and Apple) patch security vulnerabilities on your PC. Microsoft release their monthly updates on the evening of the second Tuesday each month. Make sure they are installed and your computer is restarted so that the patches take effect.
A good anti-virus will run regular scans of your PC as well as monitoring your web browsing and email for malware and other nasties.
No, Windows Defender doesn’t count, and yes, Apple Macs need this too!
Whilst this won’t stop an attack, it will stand you in good stead if your data is encrypted. A good backup policy will follow the 3-2-1 rule. That’s 3 copies, 2 different types of media (e.g. disk and tape), and 1 copy offsite.
This one is by far the most important. Ensure your staff are aware of the dangers of ransomware and what to look out for.
What do I do during a Ransomware attack?
As part of your various security policies, you should have a system in place in case you face a ransomware attack, which I’ve outlined below:
Assess the situation
1. What has been compromised?
2. Do I need to alert my insurers?
3. Do I need to bring in an IT expert?
4. Do I need to alert the ICO?
Shut down the source
If you were able to identify the source as part of assessing the situation, shut down the source of the problem. You want to ensure that the virus does not spread to different systems or networks, e.g. from someone’s PC to your backups, servers etc.
Restore from backup
This is often a nerve-racking experience; you will be thankful for the regular restore tests you’ve done previously. Firstly, verify your last successful, uninfected backup. Good backup software will run malware detection prior to a restore taking place.
Pay the Ransom and Decrypt
This isn’t recommended, partly because it helps fund the attackers, meaning more attacks on yourself or others in the future, and partly because there is no guarantee that your attackers will comply. Always check with your insurer before doing this.
If you do decide to pay the attackers, they should provide you with a decryption tool/key that will allow you back into your data.
You’ve been targeted once; you’re likely to be targeted again. Learn from the incident, patch where necessary and ensure your processes are tightened up to minimize the risk of future attacks.
If you’ve read this and are concerned about the consequences to your business or the processes you have in place, please email us at firstname.lastname@example.org. We’d be happy to help.