Ransomware - The Essential Guide to Protecting Your Business
Just when you thought you were as clued-up as can be about keeping your business safe from cyber attacks, along comes a whole new kind of threat you’ve previously never heard of.
The latest to get your attention is ransomware; malicious software that makes its way on your computer and either blocks access to files, applications, or even your entire system until you cough up a typically sizeable amount of money.
Though we say ‘latest,’ this kind of attack has actually been around for years, but it wasn’t until a number of recent high profile cases such as the May 2017 Wannacry attack which battered the NHS that many business owners sat up and started to ask some serious questions:
- What is ransomware?
- How does it infect my computer?
- What can I do to protect my business from a ransomware attack?
Here, you’ll find the answers to all of your questions about ransomware, along with expert advice on how to keep your business safe, all in one essential guide from your IT security experts at Total Group.
How Does Ransomware Work?
On the surface, preventing any kind of cyber attack seems straightforward:
Simply avoid downloading -or even clicking on- anything that looks suspicious.
If only it were so simple.
The truth is that ransomware developers are smart, and they know you are too. They know creating a file with an ominous skull-and-crossbones icon and a dodgy-sounding name is hardly something you're going to go anywhere near.
So instead, they use a device known as a Trojan.
Much like the wooden horse of Greek mythology which gives the device its name, a Trojan disguises itself as something harmless (usually a legitimate web link, a document, or an application) to trick you into opening it on your computer.
Once you do, the Trojan continues to follow the example of its namesake by revealing itself to be an attack and promptly taking over your system.
Once it does, the ransomware will in some way prevent you from using either that entire system or certain elements within it.
In the famous Reveton attack back in 2012, for example, users were locked out of their computers and presented with a screen which pretended to be from their country's law enforcement agency. This screen claimed that the users had been caught using their computers for something illegal, and would have to pay a fine to get access again.
In other examples, such as the aforementioned WannaCry attack, vital files were encrypted (meaning users couldn't access them), with the criminals behind the attack demanding money to get those files back.
As an alternative to blocking access, some types of ransomware (also known as Leakware) steal confidential data and blackmail the user into handing over money by threatening to make that data public.
What Impact Could a Ransomware Attack Have on My Business?
As if the expensive fines, legal ramifications, and reputation damage resulting from data theft weren't enough to ensure any business owner takes ransomware seriously, the impact on your day-to-day operations shouldn't be taken lightly.
Every minute that you don't have access to your complete infrastructure is a minute that you're unable to provide customers with the services they expect from you, and every minute that you're unable to serve customers is another blow to your bottom line.
Sure, you could pay up just to get back to basics, but along with the financial damage, you also run the risk that ransomware makers won't ultimately hold up their end of the bargain. After all, these aren't exactly the most scrupulous people in the world we're dealing with here.
How Can I Protect My Business From an Attack?
If all this sounds scary enough to put you off ever using a computer again, don't worry:
There are a few simple-yet-effective precautions you can implement immediately to protect your business from a ransomware attack.
1: Train Your Users
In most cases, businesses who fall victim to ransomware do so not because of some huge, targeted attack, but because a single user clicked a link, open an email, or otherwise downloaded a malicious file.
It’s therefore crucial that your employees receive cybersecurity awareness training not just as a one-off, but on an ongoing basis.
2: Create a Secure, Offsite Backups
From hardware failures to fires in the building, there are any number of reasons why you should already be creating secure, off-site backups on a regular basis.
Now you can add potential ransomware attacks to the list of reasons why they should be an essential part of your overall business continuity strategy.
Remember to create a backup to a storage device such as an external hard drive that isn't mapped to any network so that if said network does get infected, your data remains safe.
3: Keep Your Systems and Software Up-to-Date
Most ransomware developers will exploit vulnerabilities in operating systems and applications to make their way onto your computer. The longer you go without updating, the more time the attackers have to figure out a way in.
With that in mind, keeping on top of patches, security updates, and overall system upgrades can go a long way in keeping your business safe.
4: Restrict Admin Access
By only giving admin privileges to those users who really need them, you reduce the number of users who could potentially install malicious software onto your network.
Likewise, make sure that you only use your admin login when it's absolutely necessary, a move that will reduce the chance of leaving yourself vulnerable.
5: Review Your Policies and Strategies
Is your current Disaster Recovery Strategy up-to-date to reflect what you'd do in the case of a ransomware attack?
Do you have a BYOD (Bring Your Own Device) policy in place? If so, is it effective enough to prevent a user picking up a ransomware Trojan at home and bringing it into your infrastructure via a USB drive or a tablet device?
If not, now's the time to review, revise, and make sure they do.
6: Upgrade Your Firewall
Taking the above steps will go along way to creating a powerful, first-line of defence against potential ransomware attacks, but a first-line alone is rarely enough to provide adequate protection against attacks which are growing ever more sophisticated.
Adding an extra layer of security, a solid firewall solution with integrated Host Ransomware Prevention (HRP) to detect and block attempted ransomware attacks can prove invaluable when all else fails.
Industry leading solutions like WatchGuard Total Security combine HRP with a next-generation APT Blocker to quarantine files that the system doesn't recognise and expose ransomware and other malware that would have otherwise passed undetected by your existing network security system.
Used in conjunction with regular user training, secure back-ups and regular system updates, this advanced protection can prove to be the most powerful tool in your arsenal for keeping your valuable data from falling into the wrong hands.
What if it’s Already Too Late?
If you’re reading this because you’ve already been infected with ransomware, then first thing’s first:
Don’t pay up.
Instead, talk to your existing IT support provider for help, and if that’s not an option, you’ll find Total Group are here to help get your business back up and running in no time.
Need expert advice or hands-on support with recovering from a ransomware attack? Call the cybersecurity specialists at Total Group on 01727 881 224, or email firstname.lastname@example.org