Oct 09

Industry Insights

What is Ransomware and why is it big business?

With the recent media coverage of Ransomware severely impacting the NHS in the UK and other organisations across the world, it is important to note that every business is vulnerable, both large and small.

What is Ransomware?

Ransomware is a sophisticated malware attack that takes advantage of security vulnerabilities in computer and server operating systems. Ransomware then encrypts all files on server file shares, making them completely inaccessible. The cybercriminals then demand a ransom, normally payable in bitcoins, in return for the code to decrypt the files and make them accessible again.

Ransomware is big business for Cyber Criminals who can now purchase Ransomware as a service that they use to target businesses. In the example below the service itself is free with the profits split 50/50!


What if I ignore the Ransom request?

Ransom requests tend to come with a deadline. If the ransom goes unpaid within that timeframe, the ransom increases. In most cases it is possible to recover files and restore service from the last good backup or server image, but this can take a significant amount of time, with systems inaccessible during that time. However, if you do not have a good backup system in place and you decide not to pay the ransom, you will not be able to decrypt and access the files.

What happens if I pay the Ransom?

When you pay the Ransom, you are typically provided with a code that unlocks your encrypted files.
Caution: Ransomware often returns a second time (and third) to those who do not take the necessary precautions after the first occurrence.

How does the Ransomware Spread?

Like most malware attacks, Ransomware most often depends on human interaction: a user downloads the malicious code without knowing it. Malware typically spreads by email, embedded in email attachments such as ZIP files or URL links inside PDF attachments. When attachments are opened or links clicked, the code can then take advantage of security vulnerabilities in computer and server operating systems.


How do we protect our business data and systems from Ransomware?

Organisations often overlook the basics when it comes to protecting themselves from cyber security threats, and Ransomware is no different. Security is all about awareness and implementing several layers of protection (not just antivirus) to help prevent or minimise the chances of a cyber-security related attack. Remember, these attacks are primarily random, which means that small and large businesses are vulnerable. Our advice is, if you do not have the expertise in house, to look for help from a managed services provider with strong security expertise.

1 - Keep operating systems patched and firmware updated. Treat this as essential proactive maintenance that must be carried out routinely. Do not assume that automatic updates are doing this correctly. If you do not have the time or expertise, outsource this to a Managed Services / Security Provider.

2 - Educate employees, as they are often the biggest weakness when it comes to cyber security. Facilitate brief classroom-style sessions that present examples of phishing emails and encourage a question-and-answer format.

3 - Ensure you have a unified threat management (UTM) firewall in place and that it is properly configured, as most firewalls installed today are not sophisticated enough or correctly configured to prevent attacks.

4 - Ensure you have a working backup and imaging solution in place that you can confidently recover from in the event of an attack.

5 - Ensure you have email protection in place. In fact, some security vendors are recommending that multiple layers of email protection may now be necessary to keep up with the level of sophisticated email attacks.
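
As an added illustration (not part of the original article or any vendor's product), the sketch below shows one email-protection layer for the delivery route described under "How does the Ransomware Spread?": it flags ZIP attachments by their content rather than their file name, and lists URL links found in PDF attachments. The sample message, addresses and file names are constructed for the example, and the PDF check is a simple heuristic that only sees uncompressed link actions.

```python
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from io import BytesIO

ZIP_MAGIC = b"PK\x03\x04"
PDF_MAGIC = b"%PDF-"
# Uncompressed PDF link actions look like: /URI (http://...)
PDF_URI = re.compile(rb"/URI\s*\(([^)]{1,2048})\)")

def triage(raw: bytes) -> list:
    """Return (filename, kind, detail) for each attachment worth quarantining."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Identify by content, not by the sender-controlled name or MIME type.
        if data.startswith(ZIP_MAGIC):
            try:
                with zipfile.ZipFile(BytesIO(data)) as zf:
                    members = ", ".join(zf.namelist())
            except zipfile.BadZipFile:
                members = "unreadable archive"
            findings.append((name, "zip", members))
        elif data.startswith(PDF_MAGIC):
            for url in PDF_URI.findall(data):
                findings.append((name, "pdf-link", url.decode("latin-1")))
    return findings

def sample_message() -> bytes:
    """Constructed message: a ZIP renamed to .doc and a PDF carrying a link."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not real code")
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (http://example.invalid/invoice) >> >>\n"
           b"endobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.doc")
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="statement.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

A check like this belongs at the mail gateway as one layer among several; it does not replace the patching, backup and user education steps above.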

