The ransomware epidemic: how to defend your business. Posted by Dan Thomas, 25 Jan 2017

Ransomware has become a big security threat to business. With over half of UK organisations reportedly targeted in the last twelve months and cyber criminals using increasingly advanced methods, safeguarding against these attacks is vital.

So how can you defend your business-critical data and your corporate wallet? We decode the threat…

Ransomware defined

Ransomware is a type of malicious software that installs itself onto your device, takes hold by either locking or encrypting your data and demands a ransom payment to restore access.

Paying the ransom (usually via credit card or bitcoin) does not necessarily mean that you will get your files back as, strangely enough, the people responsible are not always trustworthy!

Recognise ransomware

Understanding how ransomware attacks manifest themselves is the first line of defence. Attacks are commonly triggered by unsuspecting users who;

  • Click links or open attachments from SPAM emails
  • Browse untrusted websites
  • Download or open file attachments containing malicious code
  • Use infected removable drives such as USB keys
Detect and protect

Prevention is undoubtedly the best strategy to combat this. A holistic approach across all areas of the business is essential.

  • Raise awareness of malware across your organisation and urge users to;
    • be extra vigilant when opening attachments, especially from unknown contacts
    • avoid browsing untrusted or illegal websites 
    • use strong passwords and never enter credentials into unknown sites
  • Keep your operating systems and antivirus up to date
  • Ensure your email and web filtering works appropriately
  • Disable the loading of macros within Microsoft Office which are often associated with ransomware attacks
  • Disable remote desktops when they’re not required
Action stations

Whilst anticipating the threat is key, swift mitigation is equally crucial should your preventative measures fail.

  • Isolate suspected machines - remove them from your network as quickly as possible and ensure they are “clean” before reconnecting
  • Limit user access to material specific to their role - this will limit the damage done by an infected computer
  • Enable file server features to restrict file extensions, as certain ransomware attacks will create files with specific extensions (eg, .AAA or .locky)
Backup or pack up

Should the worst happen and you fall victim to a ransomware attack, the most effective method of recovery is backup. Unless, of course, you want to take your chances and pay the ransom?! It’s essential to have an efficient and well-maintained recovery process.

  • Consider backing up key end users as well as the usual file servers, mail servers and databases
  • Remember that some ransomware will attempt to encrypt data that exists on mapped drives, so it is crucial to keep a separate offline copy
  • Perform routine backup recovery tests - don’t wait until you really need it to discover your data has not been backed up correctly!
Don’t get held to ransom...

Ransomware is a very current and real threat to business and can be highly profitable for the perpetrators. New variants are evolving daily and with the rapid rise of internet facing devices and the Internet of Things (IoT), organisations are at more risk than ever. Firms that adopt a robust, company-wide security strategy will be best-placed to weather the ransomware storm.

Need help? Bistech is BSI certified to ISO/IEC 27001 - the international standard for Information Security Management. For further advice on business security, please contact us on 03330 11 22 55 for a no-obligation discussion.