What are ransomware attacks and how can you avoid them?
What is ransomware?
In a ransomware attack, cybercriminals use malware to prevent you from accessing the data on your organisation’s network or devices. Once they have locked access to your data, the only way you can retrieve it is by paying a ransom or restoring from backup. The results of an attack like this can be absolutely devastating for the company concerned. Even once you’ve managed to get your systems back online, it can take weeks or even months before everything is running as it was before. Once you’ve fallen victim to a ransomware attack, without up-to-date backups you have very few options other than paying the ransom.
Isn’t it only large companies that are affected?
There have been several well-publicised examples of ransomware attacks recently. In May of this year the Irish Health Service Executive fell victim to an attack as a result of an employee clicking on a single link on their computer. The result was massive disruption, the effects of which are still being felt. Booking systems no longer worked, so vital health appointments could not be made. Test results were not delivered back to patients. Essential services could only operate in emergency conditions. Restoring the systems has taken months, as the restoration work needs to be done in a safe way.
Also in May this year, the Colonial Pipeline which supplies fuel to the East Coast of America was hit by a ransomware attack, leading to the pipeline going down altogether, panic buying, price spikes and serious shortages. In this case the breach was possible as a result of a single leaked password which enabled hackers to access the company’s servers. There was no multifactor authentication on the account so once the hackers had the username and password they were able to gain unfettered access to the largest petroleum pipeline in the US. I wrote about password security on this blog last month.
Whilst the examples that get the most publicity tend to be larger organisations, it is a mistake to assume that a smaller organisation won’t be hit. Indeed, Kaseya, a US IT management provider, was hit with a ransomware attack earlier this month. This then spread through the company’s network of clients, ultimately affecting between 800 and 2,000 other businesses, from Swedish supermarkets to New Zealand schools, all of whose systems were frozen for days.
How can I prevent a ransomware attack on my organisation?
Prevention is much better than cure in this case. The most common way in which a ransomware attack is launched is through a so-called phishing or spear phishing email. Such emails are sent to employees in the organisation with the aim of getting them to download an attachment, click on a link or visit an infected website.
Once this is done the malware will systematically go round and encrypt as many files as it can find on the organisation’s systems. Imagine what the impact of this on your organisation would be – a complete system shutdown, even if only for a few hours or days, can devastate a small business. Even once access is re-established, services can remain slow for weeks or months as the system needs to be scanned to ensure that it is re-secured effectively and that the hackers have not left any traps behind.
The key to preventing ransomware is raising employee awareness and ensuring that everyone understands how ransomware happens and what the impact can be. Employees need training to help them understand what phishing attacks look like and to ensure that they are extremely careful before clicking on any links or downloading any attachments. You can run simulations to check that this training has had the desired effect and see how many employees still click on suspicious links. It’s also important to make sure that each employee only has the access levels that they need in order to do their job. The fewer people who have access to critical systems, the harder it becomes for hackers to breach them.
However, as attacks get ever more sophisticated, phishing emails can be hard to spot, so it’s also important to do as much as you can to prevent such emails from entering your systems in the first place. Start by configuring your anti-spam filters for dangerous file types – flag any .exe, .vbs or .scr files coming in. Whilst it’s possible to launch a ransomware attack through a Word document, it’s much more common for cybercriminals to use these other executable file types. Modern email filters include URL rewriting, which means that even if the user clicks on an infected link, it gets redirected to a sandboxed location and scanned to see if anything malicious is behind it.
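To make the file-type rule concrete, here is an added example (not from the original article or any particular mail product) of the check a filter performs on incoming attachments, including the case where a blocked extension sits behind a harmless-looking one. The function names, the sample message and its filenames are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# The three extensions named in the article; a real policy carries a longer list.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}

def normalise(filename):
    """Lower-case the name and drop trailing dots/spaces, which Windows ignores."""
    return filename.strip().rstrip(". ").lower()

def flag_attachments(raw_message):
    """Return (filename, reason) for every attachment the rule would flag."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        suffixes = PurePosixPath(normalise(name)).suffixes
        # Only the final extension decides how the file is opened.
        if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
            if len(suffixes) > 1:
                reason = "blocked extension behind a decoy extension"
            else:
                reason = "blocked extension"
            flagged.append((name, reason))
    return flagged

def build_sample_message():
    """Constructed sample: one message with four harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached files.")
    for name in ("invoice.pdf.exe", "Report.SCR", "minutes.docx", "update.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample_message()):
        print(f"FLAG {name}: {reason}")
```

A name-based rule like this says nothing about a file's actual content or about files packed inside archives, which is why it is used alongside the scanning and sandboxing described above rather than instead of them.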
You can also use network segmentation to keep points of vulnerability such as IoT devices on a separate network segment that does not have access to any business-critical data. It’s vital to keep software and devices as up to date as possible. Outdated software or unpatched operating systems introduce a significant point of vulnerability into your systems, so keep all your programs and operating systems up to date.
It’s also important to think through what would happen if you did fall victim to a ransomware attack and what you could do to mitigate the worst effects of it. Here, an effective backup strategy will help you. When creating backups, ensure that they are kept separate from your core systems, for example by using an external hard drive which you then disconnect from the computer.
We can help you put an effective strategy in place for preventing ransomware attacks in the first place and ensuring the necessary backups and other protocols are in place in case you are hit. Talk to us today.