Another day, another report of more widespread ransomware attacks. It is vital that you take steps to protect yourself and back up your important files if you want to survive a ransomware attack, something that may be becoming more and more likely.
This latest one apparently originated in Ukraine, but has spread globally at an alarming rate. Companies in the UK have been affected, including the world’s biggest media and marketing company, WPP.
When infected with ransomware, all files on local PCs and servers connected to the network are encrypted – meaning users are unable to access them. This type of malware is called “ransomware” because it holds files or PCs to ransom, demanding a payment (in this case bitcoins worth around $300 per infected device) to unlock them.
The only way to really deal with ransomware is to be prepared. If you find yourself infected and you haven’t taken steps to back up your data or protect yourself, you will unfortunately have to decide whether you can carry on without access to your data, or whether you want to take the chance of paying the ransom and hoping you get your files back.
Six ways you can prevent your business succumbing to ransomware
1. Carefully check all emails you receive for red flags
There are many indicators of a phishing email. Of course, anyone can send one, and they can even spoof the sender address so it appears to come from someone you know – so there might be no indicators.
It is best to be highly suspicious whenever you receive an email with an attachment or a link – even if it appears genuine or is from someone you know.
Hover over links to see where they really point, then look extremely closely. There may be only one or two characters changed from a trusted domain, e.g. bankofarnerica.com or barc1ays.com.
Was the email sent at an unusual time, like outside business hours?
Do you know the sender? If you do, does it seem out of character?
Were you expecting this email?
Is the sender asking you to click a link or open an attachment to avoid a negative consequence or gain something of value?
Download our cheat sheet to help you spot phishing emails – see the link at the bottom of this post!
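The hover check above can also be automated for HTML emails. The following is an added example, not part of the original post: it pulls the real link targets out of a message body and flags domains that imitate a trusted one by character swaps such as "rn" for "m" or "1" for "l". The trusted list, the substitution table, the edit threshold and the sample email are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist and look-alike substitutions; replace with your own.
TRUSTED = {"bankofamerica.com", "barclays.com"}
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]

def skeleton(domain):  # collapse look-alike characters so imitations compare equal
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED, max_edits=2):
    host = host.lower()
    host = host[4:] if host.startswith("www.") else host
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted", host
    for t in sorted(trusted):
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= max_edits:
            return "lookalike", t   # close to a trusted name, but not it
    return "unknown", None

class LinkCollector(HTMLParser):  # gathers each link's href, i.e. what hovering shows
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def scan_email_html(body):
    parser = LinkCollector()
    parser.feed(body)
    return [(h, *classify(urlsplit(h).hostname or "")) for h in parser.hrefs]

# Constructed sample body; the two lookalike domains are the ones quoted above.
SAMPLE = """<p>Your account is locked.
<a href="https://www.bankofarnerica.com/login">https://www.bankofamerica.com</a>
<a href="http://barc1ays.com/verify">Verify now</a>
<a href="https://www.barclays.com/help">Help</a>
<a href="https://example.org/news">News</a></p>"""
```

Calling `scan_email_html(SAMPLE)` returns one `(href, verdict, matched_domain)` tuple per link. An "unknown" verdict only means the domain is not close to anything on the trusted list, not that it is safe.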
2. Don’t enable editing in Office documents unless you need to
Office documents will usually open in protected mode when you open them from an email (if they don’t, make sure you change your settings so they do!). This mode allows you to safely view contents of the document, but you’re not able to edit the document. Only enable editing if you’re sure the file is safe, and you actually need to edit it.
If a document asks you to enable macros when you open it, be extremely suspicious. Macros are basically pre-recorded steps or actions that are carried out whenever the macro runs. They can be used to do things that are harmful to your security or to the files on your computer. How-To Geek says:
“You might assume that a programming language designed to automate tasks in an Office suite would be fairly harmless, but you’d be wrong. For example, macros can use the VBA SHELL command to run arbitrary commands and programs or use the VBA KILL command to delete files on your hard drive.”
3. Invest in adequate cyber security solutions
There are many different cyber security defences you can invest in to reduce the likelihood of a successful ransomware attack, or other cyber attack.
Antivirus alone is not enough to be adequately protected.
Antivirus software works by scanning all files against a local database of “signatures” of known malicious files. This is why traditional antivirus software always has to be updated with the latest definitions or signatures – otherwise it won’t recognise new malware. Unfortunately, users are not good at ensuring their antivirus software stays up to date, and so they increase their risk of succumbing to malware or viruses.
Newer, more advanced antivirus does not rely on a local database of signatures to scan files against. Instead, the signatures are all in the cloud, and this database is kept up to date constantly by the provider. This means the likelihood of being protected against new malware is much higher. However, multiple layers of protection are recommended, as even the best cloud-based antivirus will not instantly recognise new malware that has never been seen before.
An additional layer of protection you can add is DNS monitoring. A DNS monitoring solution analyses vast quantities of internet traffic in order to spot trends which indicate dangerous domains used in conjunction with phishing attacks. These domains, when visited by the user, will automatically download malware onto the victim’s PC. The domains are linked to in phishing emails designed to encourage the victim to click. A DNS monitoring solution can spot sudden or unusual increases in global internet traffic to specific domains, and block you from connecting to those domains until they can be verified as safe.
Another layer of protection you can add is an email spam management solution, which will prevent emails from reaching you that score highly on several points that indicate a spam or phishing email.
And of course, you should have a business-grade firewall which can protect against zero-day attacks and scan encrypted traffic.
With investment in multiple different layers of defence, you are more likely to prevent a successful attack.
4. Ensure your applications and systems are up to date
Any technology partner worth engaging with will prioritise cyber security, and will proactively update all desktops, servers, applications and operating systems as soon as updates or patches are available.
One of the main ways cyber criminals succeed is by writing malicious programs that exploit vulnerabilities in applications or operating systems. As soon as these vulnerabilities are discovered, the vendor will release an update or patch to remove the vulnerability. Most people will just postpone updates each time their computer suggests them, as they don’t understand why they are important.
A good technology partner will handle all of the updates for you, as they know your staff will most likely not do it. Netstar proactively install all updates and patches in the background, providing you with regular reports of the patch status of all your desktops and servers.
5. Invest in backup and recovery solutions
If ransomware gets onto your PC, or worse – your network, there is no way to get access to your files again unless you pay the ransom. This is not encouraged as it helps fund cyber crime, encourages more of the same activity, and there is no guarantee that you will actually receive the decryption key that will give you access to your files again.
The best way to weather a ransomware attack is to be fully prepared. This means having backups of your data that you can restore from. You should ensure backups are completing successfully, ideally at least once a day. A good technology partner should manage your backups for you and provide you with reports on the status of backups so you can be sure they are all completing successfully. You don’t want to have to restore from your backup, only to find that the last successful one was months ago.
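A daily check along these lines catches the "last good backup was months ago" problem before a restore is needed. This is an added example, not from the original post or any particular backup product: the `timestamp,host,status` job history format, the host names and the dates are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)  # "at least once a day"

# Constructed job history (assumed CSV export: ISO timestamp, host, status).
SAMPLE_LOG = """\
2024-06-27T01:00:00+00:00,fileserver,SUCCESS
2024-06-28T01:00:00+00:00,fileserver,SUCCESS
2024-03-02T01:00:00+00:00,finance-pc,SUCCESS
2024-06-27T01:00:00+00:00,finance-pc,FAILED
2024-06-28T01:00:00+00:00,finance-pc,FAILED
2024-06-28T01:00:00+00:00,reception-pc,FAILED
"""
NOW = datetime(2024, 6, 28, 9, 0, tzinfo=timezone.utc)  # constructed "current time"

def last_success_by_host(log_text):
    """Map every host seen in the log to its newest SUCCESS time (or None)."""
    latest = {}
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, host, status = row
        latest.setdefault(host, None)  # remember hosts that only ever failed
        when = datetime.fromisoformat(ts)
        if status == "SUCCESS" and (latest[host] is None or when > latest[host]):
            latest[host] = when
    return latest

def stale_backups(log_text, now, max_age=MAX_AGE):
    """Return {host: reason} for hosts with no restorable backup inside max_age."""
    report = {}
    for host, when in last_success_by_host(log_text).items():
        if when is None:
            report[host] = "no successful backup on record"
        elif now - when > max_age:
            report[host] = f"last success {(now - when).days} days ago"
    return report

if __name__ == "__main__":
    for host, reason in stale_backups(SAMPLE_LOG, NOW).items():
        print(f"ALERT {host}: {reason}")
```

Note that finance-pc is flagged even though a job ran last night: jobs that run but fail do not count, only the age of the last successful one does.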
6. Educate employees with security awareness training
The reason you need to educate employees about cyber security threats, including ransomware, is the same reason why cyber criminals target home users and small businesses:
- They lack training, and therefore will click on almost anything in an email if it grabs their curiosity.
- There are often no basic cyber security defences in place, or if there are, it is only antivirus, which is not 100% effective on its own.
- There are often no backups of data in place, therefore the victim is forced to pay if they need their files back.
- Software and operating systems are often not kept up to date with the latest patches to fix vulnerabilities.
- There is a huge pool of potential victims.
Can you confidently say that none of your employees would fit the profile of the home PC user described above? All it takes is one person to click on a link in a suspicious email, or enable content in an attachment, and your whole business could lose important data.
We have found that the best way to educate employees is to do it regularly and test employees continuously. Simulated phishing emails can be sent to employees, designed to look like the real thing and designed to get them to click. No harm is done by clicking on the simulated emails, and further education can be given to those who do click, including showing them which red flags in the email should have alerted them to the danger.