Ransomware Malware Cyber Crime Illustration

Protecting against Ransomware

10:21 01 October in attack, Cyber security, hack, Incident Response, phishing, security operations, staff awareness, Threats, training

Ransomware is a particularly unpleasant, and very prevalent, form of cyber criminality. It’s called ransomware because you, the victim, are literally held to ransom. All files stored on your computer are encrypted, and the criminals will only provide the key to decrypt when you pay their ransom. Even worse, ransomware can spread – propagating from machine to machine, and bringing whole organisations to their knees. A quick trip to Google will show you how widespread this – individuals, companies, hospitals and even whole municipalities have fallen victim, and in many cases paid the ransom.

Firstly, how can you avoid ransomware?

First, the old security truism – keep software and operating systems up-to-date. It’s not a magic bullet or a panacea, but it does remove some vulnerability and, in some cases, adds defences. 

Ransomware infections typically start in one of two ways; through a phishing email with a malicious attachment, or by poorly secured remote access services.

Some things you can do to defend yourself:

  • User training
  • Antivirus – both on the desktop and at your email service provider (or on your mail server if you run your own infrastructure)
  • Review how you manage remote access. Ensure remote desktop protocol (rdp) is not exposed to the whole internet, and review security on other remote access services

If you get ransomware, how can you mitigate the impact and recover?

Firstly, and this is good practice anyway, ensure you take regular backups and that you test them periodically. Also ensure you have an IT disaster recovery plan, and it is up-to-date.  If you are using Windows 10, talk to your IT team about some of the features Microsoft include to mitigate the threat of ransomware, including something called ‘Controlled folder access’ (and Microsoft are constantly doing more in this space, so again ensure you keep Windows and MS software up-to-date). 

Ensuring users only have access to information they need also helps limit the impact of ransomware. Ensure only the finance team can access finance team data and so forth.

If you do get ransomware, and are struggling to recover from backups, then check out NoMoreRansom here – it may be possible to decrypt your data, depending on the type of ransomware used.

The NCSC has good, technical, advice here. It is worth ensuring that whoever manages your IT infrastructure is aware of this advice.

Anything else?

Whether you have internal IT services or you outsource, don’t wait till you get ransomware to review the above advice with IT admins. It is good practice anyway to have both a security and IT incident response plan, so start now and work through what would happen if you got ransomware, and what the route to recovery is. Include the worst case, where ransomware has propagated across all your servers and you effectively are starting from scratch, rebuilding infrastructure and restoring from backups.

Any questions, please get in touch.

Thanks for reading, Rob