Best practices for reducing the threat of Ransomware

If you don’t already know, Ransomware is a method of exploitation, when files on a systems hard drive have been encrypted by using an unbreakable key that can only be decrypted by the opportunist who attacked the systems hard drive in the first place.  The attacker basically holds the files to ransom ‘data kidnapping’ and will only provide you with a key to recover the data when a ransom fee is paid.  The ransom money can be of whatever value the attacker wants, it’s up to the persons who the files belong to whether the files are released by paying the ransom fee. In cases where the ransom fee is paid, it is done in cryptocurrency, a secure and non-traceable payment system known as Bitcoin. Alike any other cybercrime this is appalling behaviour and totally unfair to the victims but unfortunately, ransomware cannot easily be stopped, fortunately there are steps that can be taken to minimise the risk of infection and just as importantly to be fixed without paying unfair fees. Here are our best practices for reducing the threat of ransomware:

1.        Be cautious! Ransomware is often transmitted through email links and attachments, infected software and compromised websites.

Typically, a user will receive an email message and will be fooled into opening a link or attachment, when this happens the email user falls victim to ransomware malware infections often referred to as cryptovirus, cryptoworm, cryptotrojan and crypzip.  Most attacks come in the form of phony suppliers stating that invoices are outstanding.

2.       Defend your data! Improve backup, efficiency and security.

When a ransomware threat has gained a foothold to your systems network whether it has encrypted your files or not, we recommend the following defences:

A secure and working backup – A fully working and tested backup solution must be in place that regularly backs up all your data files and is available for easy restore.  It is not recommended to pay ransom fees, therefore once an attack has happened the only way to revert back to a working system, is to restore the data from a backup.  Always ensure that a virus and malware scan has also been executed after to ensure that there are no hidden nasties on your network.

Segmented network – The way Ransomware works is to scan the local machine and encrypt whatever data files it can find.  This normally on a corporate network wouldn’t be too much of an issue however Ransomware is more cunning, it is intelligent enough to look at what drives are mapped on the pc, for example, the Shared drive, and to then scan and encrypt any files there.

A good way to limit the exposure is to separate your data into groups, for example, Accounts should have a separate group location on the server, HR should have their own etc.  This way of segmentation means that if an Accounts machine is infected, they will not have access to the HR folders and the attack will not spread across the whole data structure.

3.       Have an idea of what’s going on!

IDS software – Installing Intrusion Detection System (IDS) software will help monitor and detect the system network for known suspected violations and malicious activities.

SEG filters – Secure Email Gateways (SEGs) provide incoming email filtering to block any known or suspected malicious, spam and phishing emails from coming through.

4.      Eliminate the risk of breach!

Incident Response Plan – In case of a potential ransomware emergency, you should ensure that a IRP is in place and all your staff and business partners are aware of all the precautions and how to prevent ransomware. If your company or organisation has already been hit by ransomware and since then it may be that you or your staff haven’t taken useful actions to prevent it from happening again, then unfortunately you are more vulnerable and prone to this happening again. 

Ransomware is on the increase and it isn’t just the small business that is being affected, there are many large corporate companies in the same position.  The most effective method of preventing and attack on your systems is user training.  It is imperative that everyone in your organisation is aware of the threats and to never access unknown websites from the company network.  In addition, any emails with links and attachments must be looked at as potential threats.  Make sure that your staff ask the questions do I know this sender? Would they normally send me an email like this? Am I even slightly worried?  If there are any worries at all, it is better to check with the IT department/company to verification, rather than having downtime for your business whilst restores are  in progress.

SHARE THIS BLOG ARTICLE