According to Securious, the South West’s leading cyber-security company, Ransomware is the biggest cyber threat to organisations and individuals alike. The speed at which the number of ransomware infections is growing is incredible: predictions suggest that worldwide, a business will fall victim to ransomware every 14 seconds in 2019, increasing to every 11 seconds by 2021.
What is Ransomware?
Defined as malware that locks users out of their devices/blocks access to files until a sum of money or ransom is paid, Ransomware attacks can and do cause significant downtime and data loss. Ransomware infections can also constitute a data breach, leading to significant financial penalties under GDPR.
How do you get it
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
How do you know if you are infected
There are many identifiers that your IT systems have been compromised – often, you’ll see a splash screen that clearly states you’ve been infected, with instructions for how to pay the ransom to restore access. Other times, you’ll just find that you can no longer open your files.
Every folder that has been encrypted will usually have a file that will tell you how to decrypt your data. These will be called ‘_DECRYPT YOUR FILES’ or something similar.
How can you mitigate against a Ransomware attack
Backup, backup and backup again!
The single most important defence against ransomware is ensuring you make regular backups and have a solid business continuity plan. Hackers are betting that you will have no offsite backups and you will have no other option than to buy back access to your data. As long as you have a “clean” copy of your data, you can refuse to pay the ransom.
It is vital that you check your backups work, too – don’t wait until you have a ransomware attack before you test them. We also suggest that, even if a 3rd party is backing up your data too, it is still good practice to take your own.
Follow best practice security principles
Ensure you update your computer operating systems and software (including any anti-virus and Malware protection software) whenever there is a new release or patch. Watch out for phishing emails and do not open suspect emails or links. Restrict users’ permissions to install and run software applications. Train your employees on security – they are your first line of defence.
Get a complete assessment of your company’s security posture and potential risk. Even routine backups may not protect your data. If the data has been infected, and you are not aware, or if the backup is not segregated from the network, backups may also be corrupt. A complete assessment of your infrastructure can identify vulnerabilities and gaps in protection against internal and external threats.
Be sure to review all security configurations, anti-virus and anti-spyware deployment, patch management, and company security policies for accuracy and completeness. Look for other tools (including Cyber Security services) that can help keep you better protected than your competitors.
Ransomware attacks are on the rise in every industry. Companies should proactively assess their threat landscape while establishing protocols for restoring operations and protecting sensitive data. Considering the cost of work-arounds and downtime, the ROI of improved cybersecurity becomes irrefutable.
What should you do if you do get infected
The official advice from worldwide law enforcement organisations is DON’T PAY. Not only are you lining the pockets of organised crime syndicates, statistically only 19% of ransomware victims who pay the ransom actually get their files back.
The safest option is to restore any encrypted files from a known, good backup.
If you want more information or would like to chat to a member of the Securious team, visit their contact page.
Links to more information: