On what is sadly an ever-growing list of cyber security risks, one old-school type of attack that continues to wreak havoc is ransomware.
What exactly is ransomware?
Think of it as the cyber threat version of a hostage situation. It describes a type of malicious software (or malware) designed to infiltrate your computer, encrypt data and files to render them useless, and even lock your device entirely, preventing you from using it.
Files cannot be decrypted without a mathematical key, which only the attacker themselves has access to. Removing the malware, therefore, will not solve the problem. The damage has been done. And it can be devastating.
Following a successful attack, the victim will receive a demand for payment in return for restoring data and access … although paying up doesn’t guarantee the hackers will honor their side of the deal.
The lesson? Don’t wait to experience a ransomware cyber attack before taking action. Prepare for it now!
How does a ransomware attack occur?
A typical means of infecting a device using ransomware is via attachments in spam emails, disguised as a harmless file. However, once downloaded and opened it quickly seizes control of the targeted device.
Ransomware can also infect your computer if you visit a malicious or compromised website, or if the attacker exploits gaps in your system’s security.
If I’m the victim of a ransomware attack, should I pay the ransom?
Official advice would suggest not. After all, paying the ransom will encourage existing hackers to continue this lucrative practice, while new hackers will be tempted to jump onboard. You also risk being identified as willing to pay, increasing your risk of being targeted in the future.
Having said that, in the States the FBI recently acknowledged the issue has become increasingly nuanced for many businesses. Restoring systems and data can take weeks, and potentially cost more than the ransom – not only in cash, but also in reputational damage and loss of productivity.
While the FBI doesn’t go as far as to suggest paying the ransom, it does accept that the potentially crippling impact on a business means all options should be considered, ‘to protect their shareholders, employees and customers.’
How likely is it my business will be attacked?
In 2019 a global survey found 51 per cent of organisations had experienced ransomware attacks, with an average cost of USD $761,106!
Government departments have traditionally been seen as an easy target with steady revenue and a commitment to protecting the personal data of citizens and restoring essential services.
In the era of COVID-19, attackers have increasingly targeted schools and universities during the shift towards online learning, while attacks against the healthcare sector during the pandemic have also markedly increased.
In short, it could happen to anyone. A September 2020 report noted a ‘seven-fold year-on-year increase in ransomware reports’. Others suggest that in 2021 a business falls foul of this type of cyberattack every 11 seconds!
What steps can I take to avoid an attack?
Fortunately, there are plenty of steps companies in Australia can take to reduce the likelihood of this sort of debilitating breach occurring and protect their information security. A quality IT managed security service advisor should be able to provide further guidance around each of these steps, offering extra peace of mind.
Regularly test your system and monitor devices
It might go without saying, but its importance cannot be overstated. Make sure you regularly and thoroughly test and monitor your IT system for cyber risks. That includes all computers, laptops, mobile devices, operating systems, software, applications and cloud locations.
Scan for malicious files and take appropriate action to safely and completely remove anything suspicious. Conduct penetration testing, and patch any vulnerabilities that could be exploited. You may even consider implementing a centralised patch management system for this purpose.
Implement advanced email protection
Anti-malware scanners can increase detection of ransomware that arrives in the guise of an email attachment. Having multiple anti-malware engines in place provides even greater protection, since malware that slips past one engine's blind spots may still be caught by another.
Meanwhile, data sanitisation tools can convert downloaded files to a different format (e.g. Word document to PDF), removing any embedded threats that go undetected during anti-malware scans.
You may also consider a warning banner added to all emails arriving from outside your organisation, as a reminder of the risks when opening attachments or clicking links.
Malicious software can also infiltrate your devices using advertisements on certain websites, designed to enable infection. Blocking advertisements from your systems therefore also helps reduce your risk.
Monitor web traffic
Cyber security consultants will tell you of the importance of ensuring appropriate tools are in place to scan web traffic and make sure all web pages visited are malware-free.
Measures should always be put in place to prevent users from visiting malicious websites, and beyond this you should consider restricting access to common ransomware entry points, like social media and personal email accounts.
Multi-factor authentication, particularly for those using critical systems, is another important consideration.
Be cautious about who can access your system
Sometimes there may be a requirement to grant third parties remote access to your network. If that’s the case, make sure they are thoroughly vetted and share your diligence around cybersecurity best practice.
User awareness training
The majority of ransomware attacks rely on user action to take hold, e.g. downloading a malicious file or visiting a dodgy website.
Encourage your people not to open suspicious emails, or click the links or download the attachments they contain. Urge them to be cautious before visiting unknown websites. And, importantly, develop and communicate a reporting procedure so your staff know what to do if they notice something of concern.
Educating your people around potential cyber security threats and data breaches, what to look out for, and the severity of the potential consequences will offer you a frontline defence against the hackers.
Back up for the most robust business continuity plan
Ransomware is evolving all the time, meaning new variants with changed signatures have the potential to evade even the most sophisticated anti-virus programs. An incident response plan covering what action you will take in the event of attack is therefore essential.
For instance, backing up your critical business data will ensure minimal downtime and a swift recovery. The best backup systems will allow multiple backups to be stored, in case the most recent copy already contains the encrypted files.
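The point above about keeping several backup generations, as an added example that is not part of the original article: a Python check that walks generations from newest to oldest and picks the first one whose files do not look encrypted. The function names, the 7.5 bits-per-byte entropy threshold and the sample data are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading bytes for a few formats; compressed types are checked by
# header because their entropy is high even when they are healthy.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".docx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # assumption: bits per byte above this is treated as ciphertext

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in MAGIC:
        return not data.startswith(MAGIC[ext])   # known type: header must match
    return shannon_entropy(data) > ENTROPY_LIMIT  # unknown type: entropy test

def newest_clean_backup(generations):
    """generations: list of (label, {filename: bytes}), oldest first.
    Returns (label of newest generation with no suspect file, {label: suspects})."""
    flagged = {}
    for label, files in reversed(generations):
        suspects = sorted(n for n, d in files.items() if looks_encrypted(n, d))
        if not suspects:
            return label, flagged
        flagged[label] = suspects
    return None, flagged

# Constructed sample data: three nightly generations, the last taken after
# files were encrypted in place (pseudo-random bytes stand in for ciphertext).
CIPHERTEXT = hashlib.shake_256(b"constructed sample").digest(4096)
GOOD = {"report.pdf": b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n",
        "notes.txt": b"Quarterly figures and meeting notes.\n" * 50}
GENERATIONS = [
    ("night-1", dict(GOOD)),
    ("night-2", dict(GOOD)),
    ("night-3", {name: CIPHERTEXT for name in GOOD}),
]

if __name__ == "__main__":
    label, flagged = newest_clean_backup(GENERATIONS)
    print("restore from:", label)
    print("skipped:", flagged)
```

With only one retained generation there is nothing older to fall back to, and the function returns None for the restore point.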
Cyber security Sydney
Cyber security services cover a wide range of protection methods that keep your IT infrastructure and business data safe from malicious attacks, as well as the recovery response in the event of disaster.
If you have any questions relating to the security of your network, don’t be shy! Call Lanter Technologies, a leading Sydney cybersecurity consultancy and provider of IT managed services, and we’ll be happy to assist.