With the WannaCry and Petya ransomware attacks that crippled thousands of organisations around the world, FraudWatch International felt it was worthwhile to recap some of the steps both individuals and businesses can take to protect against ransomware attacks. In this article, we will give you an understanding on what Ransomware is, detail some of the areas consumers can look at, and focus on what measures businesses can put in place to protect their data.
There are no guarantees in life, but there are things that individuals can do to minimise the risk of being infected with ransomware. In the event that someone is infected with ransomware, they can also take steps to minimise the impact and damage the attack will cause.
What is Ransomware?
Malicious software/ malware that has taken control of your computer (or your companies computers and data systems). Once they have control the attacker typically threatens to either block access to your computer, release the data to the public, or delete data unless a sum of money is paid.
They are essentially holding your data and computers for ransom.
Back up your files regularly
The biggest trauma people suffer as the victim of a ransomware attack, is loss of data. Losing those precious pictures of family events, or the documents you have been meticulously saving over the years, can be devastating.
The best way to protect your important files is to regularly back up the data on your devices to an external hard drive that isn’t connected to the internet or a LAN (Local Area Network). If you have regular backups scheduled, you won’t lose as much to the hackers.
This will make recovering from an attack much easier, as the data is not lost forever like it usually would be.
Use antivirus software
Antivirus software has been around for a long time and it is your best first line of defence. Good antivirus programs can scan files to check for ransomware before they are downloaded onto your computer. They can block hidden installations from occurring without your knowledge while you are browsing the web, and they can also detect any malicious software you may already have on your computer or device.
Another good tip is to ensure your web security is up-to-date, so it is not even possible to visit malicious websites from your computer.
Always install updates
Hackers exploit vulnerabilities in software to spread their ransomware. Software developers often release software updates to fix these vulnerabilities once they are identified. It is important that you download the latest updates for the software you use, to eliminate those vulnerabilities on your computer and devices, otherwise you leave yourself open to being attacked.
Be suspicious of all electronic content
Hackers rely on the gullibility of their targets to download their malicious ransomware software, thus allowing them to launch their attack and encrypt the victim’s files. Their preferred methods of distribution are through emails, malicious adverts on websites, and dodgy apps or software.
Users need to be vigilant when opening unsolicited emails or visiting websites they are unfamiliar with. NEVER download an app from anywhere other than an official store, and ALWAYS read reviews before installing programs.
Never pay the ransom
In the unfortunate event that you are hit by ransomware, FraudWatch International’s advice is to never pay the ransom! Doing so will only encourage hackers to continue their malicious work, and there is no guarantee that you will be able to recover your files anyway. There are a few programs that can offer the hope of decrypting files, however, your best solution is to reformat your computer, recover your files from backups and learn how to avoid it happening again.
Next week, we will cover some best practices that businesses can adopt to ensure they have optimal protection against ransomware.
How to protect a business if you are a CISO-CEO
Businesses cannot solely rely on their individual staff to do the right thing when it comes to ransomware protection. CEOs and CISOs need to implement checks and balances to ensure that their systems are less vulnerable to attacks.
Backup data regularly
Having well-maintained backups is vital in allowing your business to get back on track, whether it be from a ransomware attack, or a hardware failure. Critical data should be backed up on a regular basis, and those backups should be encrypted and stored off-site, or at least offline. NEVER store backups on the main network. This will leave them vulnerable to attack. Ransomware travels through network drives, encrypting everything in its path, so if your backups are stored on the same network as your data, they will be rendered useless if the ransomware reaches them.
Keep up-to-date with system patches
Always install the latest software patches and ensure antivirus signatures are up to date. The vulnerabilities exploited in the Petya variant attack, had already been covered by Microsoft’s patch MS 17-010 , first released in March 2017. Not all businesses had installed that critical patch, as a result the Petya malware was able to spread using the Eternal Blue and Eternal Romance vulnerabilities. Regular patching significantly diminishes the likelihood of an attacker getting into your network.
Segment networks and limit account privileges
Don’t store all business data on one shared network drive, which every staff member can access. Identify your critical data, and isolate it from the rest of the network. You should also limit how many users have administrative privileges on their account. By segregating duties between user and administrative accounts, you ensure that no single account (including Domain Admin) can execute commands across all systems on the network. This limits the amount of damage that can be caused if a hacker gets in.
Know your vulnerabilities
Conduct regular risk assessments to understand the methods hackers are using to infiltrate security systems. This will help to identify weaknesses in your own security that could be exploited. Penetration testing, which actively scans the system or network for exploitable vulnerabilities which might allow hackers to gain remote access to your systems, needs to be conducted regularly (monthly). If any known vulnerabilities are identified in your applications or systems, you then have the ability to allocate resources to fix those issues and patch the relevant systems promptly.
Develop Business Continuity / Data Recovery Plans
Whilst security techniques are effective, these measures will not prevent every type of attack, so plans need to be put in place to efficiently deal with the aftermath.
In the event of a ransomware attack, critical servers and individual user systems need to be restored quickly from backups. Scheduled backups should match the timeframe of data your company is willing to lose in the event of a cyber-attack. Formal procedures need to be in place, so that your business can restore services to both employees and customers.
Recovering from a Ransomware Attack
In the event that your company is hacked with ransomware, there are some crucial steps you need to take to minimise the damage:
- Disconnect any infected machines from the network, so the ransomware cannot continue to replicate and spread to other machines;
- Investigate whether other organisations have been hit by similar malware, and find out if they identified any tools to decrypt your files.
Your Biggest Vulnerability: The End User
As the saying goes, “You are only as strong as your weakest link.”: Your users.
The most common ransomware delivery method is through malicious emails. Hackers craft clever emails to trick users into carrying out actions that will allow them to infiltrate your systems from within your network.
Phishing and malware training is critical. Train your staff to be suspicious of everything that hits their inbox. Teach them not to open email attachments, and not to click hyperlinks in emails that they’re not expecting. If the sender is a stranger, delete the email immediately. If you do know the sender, but the message is unexpected or suspicious, train staff to make a phone call or send a text to verify that the email is legitimate. If it’s not legitimate, delete it immediately.
Some organisations are going as far as to label email as “external”. This can assist employees with determining the authenticity of an email supposedly sent from someone within the company. If an email is sent from outside the network, the user will be notified that it’s from an outside party.
Security awareness training is the key, offering practical tips for staff not only on how to detect phishing emails, protect data and create strong passwords, but also on the use of social media and internet safely.
Some security teams regularly send out mock phishing emails to their staff to determine their predisposition to fall for phishing techniques. They can also provide an easy to use mechanism for staff to report actual or suspected emails to the security team and track the results.
Visit our contact page to reach out to us if your company is the victim of a ransomware attack or if you’re seeking professional services to protect you against any online threats to your business.