Ransomware part 2: Protecting your business against ransomware
Posted on 3 October 2016
Ransomware attacks are rising at an alarming rate with cyber criminals using increasingly sophisticated techniques and wider distribution methods. Recent research showed nearly 50% of businesses have been a victim of ransomware and less than half were able to fully recover their data.
This blog is the second part of our recent edition on ransomware, a form of malware that infects a user’s computer and holds it to ransom until a sum of money is paid to release it. It does this either by restricting access to the computer or by encrypting the files.
In this blog we cover the key steps you can take to reduce the risk of your business becoming a victim of such an attack.
As with most viruses or malicious content there is no one step you can take to eradicate the risk of being infected. To provide your business with the best protection you need to implement multi-layered security, educate end-users and keep your systems up-to-date.
Here we discuss these measures in more detail:
1. Set secure passwords on all accounts
It’s important to ensure secure passwords are set on all user accounts. An outsider with malicious intent only needs to compromise one user’s account to be able to access your entire network and potentially infect all your data.
2. Limit network access rights
Users should only have access to the files they actually need. Far too often, businesses give users full access to all files on a network because it’s easier than applying restrictions. Ransomware executes from wherever it is launched and runs with the rights of the logged-on user. This means the more access to the network that user has, the more damage is going to be done. For example, if a shared file is completely unrestricted, all data on that file will be maliciously encrypted.
3. Educate end-users not to open email attachments from unrecognised senders
One of the easiest ways for viruses to enter a network is via email. The attacker does not need to compromise your network to send an email with an infected attachment. They just need to make the email look legitimate, and before you know it a user has opened the attachment, allowing the virus to get to work. So it’s essential that if you don’t recognise the sender or are unsure about the content of an email, you highlight this to your IT team straight away.
4. Use email security that scans email for spam/viruses
You can further reduce the risk of an attack via email by using a solution that scans inbound messages for viruses/spam. This ensures anything unwanted is filtered out before it hits a user’s inbox.
5. Invest in comprehensive firewall protection
Another common way of delivering a virus into a network is via the web. This usually comes in the form of content hidden on a website, including sites you would otherwise consider legitimate but that have been compromised. It works by a user clicking on a link or accessing a particular part of a site that instigates a download of an infected file. To limit exposure to this risk, you can put controls in place to block the malicious content as well as to restrict users from visiting sites that are more likely to carry this type of threat. Our WatchGuard product provides both web filtering and reputation-enabled defence to help combat this threat.
6. Up-to-date anti-virus solutions for all endpoints
Some of the early anti-virus solutions proved weak in providing protection against ransomware attacks. This is now gradually changing with more technology being targeted specifically at this style of attack. As this anti-virus software relies on a signature database to detect new variations of malware, it’s essential that the latest updates are applied as frequently as possible.
If your business is affected by a ransomware attack, there is a range of decryption tools you could access. Each is designed to decrypt a specific type of malware, of which there are more than 25 known varieties. For this reason, we’d always advise that you speak to your IT team first.
7. Reduce vulnerabilities with up-to-date applications and operating systems
Malicious third parties are known to readily exploit software vulnerabilities in common operating systems and applications. So it’s important to ensure the latest patches and updates are applied to all software on a regular basis. This helps to close down these vulnerabilities and limits the risk of them being exploited.
8. Ensure you have a reliable offsite backup solution
If you’re unfortunate enough to become a victim of a ransomware attack, quite often the only way of recovering the data is via a backup. To provide the best possible recovery solution, it’s essential you have reliable and robust offsite backups in place. These should be tested on a regular basis to make sure that you can recover your data when you need it. It’s also important to consider the frequency at which backups are taken. Most backups are taken overnight, which means you could potentially lose a whole day’s data if you have to recover to the night before.
At Enhanced we have a range of solutions to ensure your network is as secure as possible. Speak with your account manager to find out more details or to arrange a network security review.