Don’t let software hold you to ransom

by Mark Rowe

When ransomware strikes, your business is at risk, reputationally and in terms of revenue. Downtime costs money. It loses business and is an expensive hindrance. Data recovery is also an expensive commodity – but can it be avoided? Every business is vulnerable but with the right preventative measures you can protect your IT systems securely.

With the help of a specialist managed services provider (MSP) you can channel your inner Liam Neeson and repeat confidently: “If you are looking for ransom, I can tell you I don’t have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career, skills that make me a nightmare for people like you.” They may be skills acquired from a third-party services provider but they’ll be some of the most valuable skills you need to protect your business from a ransomware attack.

What is ransomware?

A vicious form of malware, ransomware encrypts your systems, files and data, blocking your access and leaving you unable to access important documents and processes. The attacker then sends a series of financial ransom demands to restore your access. On payment (usually requested in Bitcoin or similar cryptocurrency to reduce the chances of being traced) you receive a decryption key to wipe the virus from your systems and it’s business as usual. But for how long? And at what cost? Independent research by Vanson Bourne highlighted 40 per cent of UK businesses experience, on average, five ransomware attacks per year costing an average of £329,976 per annum and £591,238 globally per individual business in 2018 (UK, Germany, France and the US).

How to spot the signs of a ransomware attack

Ransomware wears many guises; you’ll have seen them many times. One of its most common identities is in the form of phishing emails or spam, posing as a genuine contact in your inbox with a trustworthy attachment. If opened, these attachments employ social engineering techniques to gain admin access to your secure files. However, more aggressive forms of ransomware are intelligent enough to gain access and infect systems without needing to trick users. Common techniques used by phishing emails include:

1) Strange email signatures with imitation domain addresses posing as legitimate accounts, for example {name}@hmrcaccounts.com
2) Poor spelling within the body of the email and incoherent grammar
3) Low quality graphic resolution of brand logos
4) Impersonal salutations such as ‘Dear User’ etc
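
Signs 1 and 4 can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not part of the original article: the brand-to-domain allowlist (including hmrc.gov.uk as the genuine domain) and the greeting list are assumptions, and both messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> the domain that brand really sends from.
BRAND_DOMAINS = {"hmrc": "hmrc.gov.uk", "examplebank": "examplebank.co.uk"}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(user|customer|client|member|account\s+holder|sir|madam)\b",
    re.IGNORECASE | re.MULTILINE)

def imitated_brand(domain):
    """Brand whose name appears in a domain the brand does not own, else None."""
    for brand, real in BRAND_DOMAINS.items():
        genuine = domain == real or domain.endswith("." + real)
        if brand in domain and not genuine:
            return brand
    return None

def body_text(msg):
    """First text/plain part, decoded; attachments and HTML are ignored."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def phishing_signs(raw_email):
    """List which of the two signs (imitation domain, impersonal greeting) appear."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = []
    brand = imitated_brand(domain)
    if brand:
        signs.append(f"imitation domain: {domain} poses as {BRAND_DOMAINS[brand]}")
    if GENERIC_GREETING.search(body_text(msg)):
        signs.append("impersonal salutation")
    return signs

# Constructed sample messages (not real mail).
SUSPECT = ("From: HMRC Refunds <refunds@hmrcaccounts.com>\n"
           "Subject: Tax refund pending\n\n"
           "Dear User,\nOpen the attached form to claim your refund.\n")
GENUINE = (SUSPECT.replace("hmrcaccounts.com", "hmrc.gov.uk")
                  .replace("Dear User", "Dear Ms Patel"))
```

A hit on either sign is a reason to quarantine the message for review, not proof of malice; spelling quality and logo resolution (signs 2 and 3) still need a human eye.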

What is the likelihood of an attack?

Ransomware is on the increase. It’s no longer something only equity-rich companies fear. It’s mainstream and regularly cited on the BBC and other mainstream media, most recently with attacks on St. John Ambulance in the UK and global aluminium producer Norsk Hydro. After prying and probing Norsk Hydro’s system security for weak points, the attack struck over 40 countries across 170 sites, affecting 22,000 computers. Old-fashioned methods came into play with a workforce of over 35,000 reverting to pen and paper as their safest method to continue with their day-to-day activities. With many production lines halted, the attack cost the firm a minimum of £45 million. Yet reputational damage was minimal. In fact, their reputation and exposure grew dramatically as a result of the attack through their refusal to yield to ransom demands and their public transparency. Through sharing details of the attack and what they’d experienced, they aided other businesses in a similar situation to follow the same stance or seek defence. Transparency is admirable but when customer data is at risk many businesses can’t afford to be as bold and often pay ransom demands to protect their reputation and that of their clients. Which route would you take?

New Scientist Magazine recently reported how Luxembourg-based Eurofins Scientific, a provider of forensic services that conducts millions of tests for security agencies and police forces worldwide, fell victim to a ransomware attack in June 2019.

Paying the fee doesn’t guarantee safety

In fact, it could encourage the opposite. Criminals operating within a cyber-crime sphere often share lists of those businesses ‘susceptible to extortion and likely to pay’. The best defence is prevention and investing in professional support to protect your business. This includes IT literacy on a company-wide scale, ensuring every member of your team understands the risks when receiving unsolicited emails with attachments. Having more staff who understand why not to open documents from unknown contacts will dramatically reduce the risk of a ransomware attack within your business. Communicating strict data backup processes is also critical, and is something MSPs are invaluable at implementing. After all, if your data is secure and has the option to be restored you technically have no need to pay the demands ransomware dictates.

Dominic Wetherall of Kalamazoo IT says: “Ransomware has evolved to outpace newly developed security services and solutions, all in an attempt to profit from compromised victims. This evolution continues into 2019 yet the scope of targets has changed. Malware producers have elected cunning new avoidance tactics, refined their objectives, and are now experimenting with new distribution methods. With more sophisticated techniques employed, it’s the unprepared that fall victim in a very volatile threat landscape. Consistent safeguarding is critical to your recovery. Online backup and Disaster Recovery as a Service (DRaaS) are highly efficient at helping to mitigate risk. This can be further reinforced with a well-written Business Continuity Plan to help your business cope in the event of an attack.”

Seven-step guide on how to help prevent ransomware

You can help protect your digital presence with some critical preventative steps that build a robust recovery system and reduce the risk of a ransomware attack:
1. Back up your data – migrate to the Cloud
Even if you take every possible precaution to prevent ransomware it may still break through your defences. The single greatest thing that will defeat ransomware is a regularly updated backup. If you fall victim to a ransomware attack you may lose recent documents that you started earlier that day, but if you can restore your system or clean up your machine and restore your other lost documents from backup, there’s no cause for alarm. Regularly updated backup is ransomware’s greatest enemy. What you need is a regular backup regimen, to an external drive or cloud backup service alongside a clear data recovery plan that allows you to restore a clean backup. Keep your data safe and use the 3-2-1 backup rule:
3: Keep a minimum of three (3) copies of your data
2: Store two (2) backup duplicates on alternative storage methods
1: Ensure one (1) backup is stored offsite (i.e. in the cloud)

2. Disable Remote Desktop Protocol (RDP)
RDP allows remote access to your desktops. It also gives malware easy access. Protect your machines from RDP exploits and disable RDP functionality.
3. Patch or update your software
Malware relies on businesses like yours using outdated software with vulnerabilities that are easy to exploit. Endpoint security hygiene is essential in preventing ransomware from silently sneaking into your systems. It can significantly decrease the potential for ransomware if you update your software regularly. Invest in Patch Management from an MSP and patch your systems to reduce vulnerabilities.
4. Instigate security awareness training
Ransomware can gain access to your network in several ways, but the most likely is via a phishing attack. If an employee opens an infected attachment, or clicks on a link they shouldn’t, ransomware may gain entry and rapidly spread across your network. Reduce the risk of user-error and launch a proper security awareness training program for all of your team.
5. Detect ransomware remotely
Recognise the signs of a ransomware attack with help from third party SaaS vendors. Their services can detect if a machine is infected by ransomware and trigger an automatic lock down state to isolate the infected endpoint, protect the network and prevent further spread.
6. Use a reputable IT security suite
A managed anti-virus service, anti-malware software and a firewall are critical in your defence against ransomware. Malware is constantly evolving so it’s vital to have several layers of protection. If ransomware variants succeed in by-passing anti-malware software, they may still get stopped by your firewall defences.

7. Use Multi-Factor Authentication (MFA) on all admin accounts, cloud-based email, remote access and customer-facing applications to add additional layers of security to your systems.
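
The 3-2-1 rule in step 1 only helps if it is checked against what is actually being backed up. The following is an added example, not from the article or from Kalamazoo IT: it audits a backup inventory against the three requirements and leaves out backups that are not "regularly updated". The 24-hour freshness limit, the field names and both inventories are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class DataCopy:
    name: str
    medium: str             # storage method, e.g. "disk", "nas", "tape", "cloud"
    offsite: bool
    last_good: datetime     # last backup run that completed and verified
    is_backup: bool = True  # False for the live production copy

def audit_321(copies, now, max_age=timedelta(hours=24)):
    """Return the 3-2-1 requirements an inventory fails ([] means compliant).

    max_age is an assumed freshness limit: a backup older than this is not
    "regularly updated" and is left out of the counts.
    """
    stale = [c.name for c in copies if c.is_backup and now - c.last_good > max_age]
    usable = [c for c in copies if c.name not in stale]
    backups = [c for c in usable if c.is_backup]
    failures = []
    if stale:
        failures.append("stale backups: " + ", ".join(stale))
    if len(usable) < 3:
        failures.append(f"3: only {len(usable)} usable copies")
    if len({c.medium for c in backups}) < 2:
        failures.append("2: backups are not on two different storage methods")
    if not any(c.offsite for c in backups):
        failures.append("1: no usable backup is offsite")
    return failures

# Constructed inventories for illustration.
NOW = datetime(2019, 7, 1, 9, 0)
WEAK = [
    DataCopy("file-server", "disk", False, NOW, is_backup=False),
    DataCopy("nas-nightly", "nas", False, NOW - timedelta(hours=8)),
    DataCopy("cloud-weekly", "cloud", True, NOW - timedelta(days=6)),
]
SOUND = WEAK[:2] + [DataCopy("cloud-nightly", "cloud", True, NOW - timedelta(hours=7))]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("sound", SOUND)):
        print(label, audit_321(inventory, NOW) or "meets 3-2-1")
```

The weak inventory looks compliant on paper, yet its only offsite copy is six days old, so once that copy is discounted it fails all three requirements.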

Who’s at risk?
Proofpoint predict that every 14 seconds a business falls prey to ransomware in 2019, rising in 2021 to every 11 seconds. Regardless of your size, ransomware needs to be on your radar – it’s not biased in who it selects. From SMEs and charities to corporate giants, all are targeted in equal measure. Could you repair your reputation, revenue stream and infrastructure from a ransomware attack if it happened today? If the answer is ‘no’, you know what to do and who to call.

For more on disaster recovery and cloud IT security visit www.kalamazooit.co.uk/cloud-services/.

© 2024 Professional Security Magazine. All rights reserved.
