Ransomware attacks – and how to avoid them

For most companies and organisations, Ransomware is an omnipotent threat to their cyber security. From private businesses and banks to universities and hospitals, ransomware attacks are a daily occurrence somewhere in the world as organisations pay out millions of pounds to unlock encrypted files. These ransomware attacks have such a high success rate because the cybercriminals use advanced technology, along with social engineering, to breach their target’s networks. Once a system has become infected, the ransomware program encrypts all files to a private key held by the cyber criminals, who then issue demands for payment in bitcoin to recover the networks. Meanwhile, social engineering includes information gathered about the target’s geolocation and social media accounts, to find other ways to access the system. The criminals will also bury malicious code in traditional software used by many companies (for example, JavaScript, Microsoft Office, Flash, etc) and launch successful attacks on businesses that even have security safeguards in place. In the face of such withering attacks on an organisation’s IT infrastructure, many businesses simply pay the price demanded by the cyber attackers and hope it will never happen again. But to prevent an attack occurring or infecting a system, there are a number of best practice solutions companies can use to protect themselves – even as ransomware technologies continue to evolve.  These solutions include:

• Probably the most obvious measure a business can take – backup data regularly and store everything on a secondary system. These backups should happen every time data is modified and they should be stored offsite in a system that is unconnected to the main network.
• Ensure that all staff are trained to recognise what a ransomware attack looks like – and be mindful of suspicious emails, links and social media networks. Filter inboxes for spam and attachments from emails by an email security tool.
• Businesses should use anti-malware software and the IT manager should ensure that products are regularly updated.
• The ransomware attacks often happen via an executable file or as a .zip file. Also, attacks can come through Microsoft Office files containing macros. So, again, staff should be made aware of unfamiliar activity.

When a network has become infected, the infected computer should be disconnected from the system as quickly as possible. The wifi should be turned off and all automatic backups should be stopped to the external storage facility. Prior to shutting down the network, take a screen grab of the network memory. To stop ransomware from encrypting data, block network access to any command-and-control servers. Businesses should also remove local administrative rights from the system. This stops ransomware changing system directories, files, registry and storage. It also blocks access to system resources and files Importantly, if data is breached, tell the supervisory authorities that a breach has occurred and ask for assistance in the investigation. Under the new GDPR rules from May 2018, a business has 72 hours to notify the Information Commissioner’s Office about the breach. However, by doing this the business could lose data permanently as the criminals realise their ransomware tactics have failed. SCC has long understood how vital it is to put in place cyber security to defend digital operations from ever more sophisticated ransomware attacks. Cyber criminals are always finding new methods to circumvent and breach a company’s online security. These highly professional cyber criminals can lie in wait for months if necessary before launching an attack on a system that has put all the correct security compliance procedures in place. As part of the company’s services, SCC offers businesses the most up-to-date detection and analytics software. This helps with analysing and evaluating potential ransomware attacks. To protect highly confidential financial and personal data, all organisations need to have access to the best security to protect themselves. Moreover, SCC not only provides detection and analytics software, but also helps businesses to be more cyber security conscious. That way SCC increases security best practices while limiting the probability of a disastrous cyber-attack. Further Reading: Ransomware victims have paid out more than $25 million, Google study finds Discover more about our Security Services