
The Plain English Guide to: Ransomware

Ransomware is emerging as one of the most effective – and destructive – types of malware circulating today. This is what you need to know.

What is ransomware?

At the most basic level it is a malicious application that is designed to stop your computer from working properly until you pay a ransom. In theory, paying the ransom will restore access – but it may also encourage the hackers to try and extort more money.

Without access to your data, operations are significantly disrupted – and that adds even more to the overall cost of the infection. Having lost their mission-critical systems, many organisations pay the ransom in the hope of restoring access quickly. Unfortunately, there is no guarantee that this strategy will work as expected – the cybercriminals may choose to keep the money and run.

Different types of ransomware

There are four main types of ransomware:

1. Crypto-ransomware that encrypts all of your files. The only way to regain access is using a decryption key which the hacker will provide for a fee.

2. Disk coding ransomware that encrypts critical software and prevents your computer from starting.

3. Screen locker ransomware that prevents you from accessing the screen of your device. In the meantime, hackers have complete control of the infected computer.

4. PIN locker ransomware that changes the PIN code used to unlock your device.

The methods and techniques vary, but they all prevent you from accessing your IT resources.

How to protect against infection

There are two key safeguards against ransomware infections – effective antivirus software and robust backups.

1. Antivirus tools

Ideally you want to stop ransomware from being installed – and antivirus software can assist. These toolkits scan your device and block suspicious activity, such as software installs, until you can check that they are legitimate.

2. Robust backup systems

You should also prepare for what happens after an infection. Ensuring you have a robust, reliable backup is invaluable, allowing you to recover a ‘clean’ copy of your data. You want this process to be as quick as possible to reduce downtime and the cost of the infection.

Do SMEs have to worry?

Large companies and organisations steal all the headlines about ransomware infections – but SMEs are likely to be victims too. A lack of in-house IT knowledge and experience makes SMEs an easier target for infection – and therefore more likely to pay a moderate ransom.

Every business must have safeguards to protect against (and recover from) ransomware attacks. Otherwise, their operations and reputation could be compromised. They may also face significant fines from the Information Commissioner’s Office (ICO) if sensitive personal data is exposed by the breach.

To learn more about ransomware – and how to better protect yourself against it – please give the WTL team a call.


How to protect your business against ransomware

If you can project knowledge and experience, you can probably talk unprepared users into doing whatever you tell them. Hackers will learn your organisation structure and the names of key stakeholders, then contact staff pretending to be a senior manager and urge them to open an important file. Even if the employee realises they have been tricked, it is too late – the ransomware will have already set to work on your network.

We take a look at some practical tips to protect your business against ransomware infection, but first we look at two common ways hackers can gain access to your IT systems.

Phishing

Phishing has evolved from stealing sensitive login details to encouraging users to install ransomware. Having received an official-looking email and clicked through to an official-looking website, the user is encouraged to download and install an official-looking app – which just happens to contain malware.

Malicious websites

Just general web surfing can be a recipe for disaster if your employees land on a compromised site. Click on the wrong pop-up or download the wrong file and malware can gain a foothold in the network.

You must teach your employees about these risks – and how to avoid them.

Prevention

Preventing ransomware infections is mostly common sense: apply IT security best practices to your infrastructure and operations, including:

  • Regularly patch and update software to address vulnerabilities and reduce opportunities for exploits.
  • Ensure endpoint anti-virus software is installed, configured and kept fully up-to-date at all times.
  • Use policies to prevent end-users from installing software or running applications with elevated permissions.
  • Maintain content filtering and firewall whitelists and blacklists to limit traffic to untrusted or compromised websites.
  • Limit access to the physical computer ports to prevent ransomware ingress on removable drives etc.
  • Audit your network regularly to identify gaps in your security systems – including testing your employees’ responses to social engineering attacks.
  • Lock down as many permissions and access rights as possible. Ensure that staff only have what they need to do their jobs.

Limiting access rights may occasionally cause issues – but they are nothing compared to the fall-out from a ransomware attack.

Recovery

Despite your best efforts, it is likely ransomware will eventually make it through your defences – the larger the network, the higher the probability. When it does, you need to be prepared to bring operations back online as quickly as possible.

Usually, backups take place once every 24 hours. If a ransomware outbreak occurs shortly before the cycle restarts, you could lose a full day’s work – which could be catastrophic.

Your disaster recovery provisions need to reduce these gaps between cycles. Snapshots and smaller, targeted backups can create copies of key data more regularly, speeding up the remediation process after infection.
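The gap described above can be worked through in a few lines. This is an added example, not part of the original article: it compares a 24-hour backup cycle with 15-minute snapshots for an outbreak late in the day, and treats any copy taken after the infection as unusable because it may contain encrypted files. All dates, times and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

def restore_points(start, end, interval):
    """Every backup or snapshot time from start up to and including end."""
    points, t = [], start
    while t <= end:
        points.append(t)
        t += interval
    return points

def last_clean_point(points, infected_at):
    """Latest copy taken strictly before the infection began.

    Copies made at or after the infection are skipped: they may already
    hold encrypted files, so restoring them does not give a clean copy.
    """
    clean = [p for p in points if p < infected_at]
    return max(clean) if clean else None

def work_lost(points, infected_at):
    """Time between the last clean copy and the infection (unrecoverable work)."""
    clean = last_clean_point(points, infected_at)
    return None if clean is None else infected_at - clean

# Constructed scenario: the outbreak starts shortly before the nightly cycle restarts.
DAY_START = datetime(2024, 3, 4, 0, 0)
DAY_END = datetime(2024, 3, 5, 0, 0)
INFECTED_AT = datetime(2024, 3, 4, 23, 40)

NIGHTLY = restore_points(DAY_START, DAY_END, timedelta(hours=24))
SNAPSHOTS = restore_points(DAY_START, DAY_END, timedelta(minutes=15))

if __name__ == "__main__":
    for name, points in (("24-hour backup", NIGHTLY), ("15-minute snapshots", SNAPSHOTS)):
        clean = last_clean_point(points, INFECTED_AT)
        print(f"{name}: restore from {clean}, work lost {work_lost(points, INFECTED_AT)}")
```

The midnight backup that runs 20 minutes after the outbreak is excluded, which is why the 24-hour cycle falls back to the previous night's copy.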

There are many tools to help achieve these goals, but identifying, configuring and deploying the right ones for your business is not necessarily straightforward. WTL can cut through the confusion: our specialists will help your business build an effective, efficient disaster recovery solution that allows you to respond to ransomware quickly – without losing data.

To learn more about how we can help you protect your business against ransomware, please get in touch or take a look at the cyber security services we offer.