If you’re a business, no doubt you’ve heard about a ransomware attack. If you’re not sure exactly what it means, we’ll explain. Typically, it involves cybercriminals using data encryption or data theft to demand businesses or individuals pay a large sum of money, to unlock or return stolen data. In- order to extract money, the cybercriminals make threats against the business. Firstly, the criminals may threaten all business transactions will cease until monies are paid. Secondly the criminals can threaten to disclose business information in the public arena to either embarrass or damage a business commercially.
All too many businesses when faced with the situation of a threat attack are ill-prepared to deal with the disruption and pay up $. Even though, it’s universally recommended not to pay as it reinforces criminal behaviour and increases their financial gains. They’re successful criminals when they get the ransom. Most importantly, those who do pay the large sum believe in good faith the criminal will keep their promise. But are sorely disappointed when the attackers will either not provide the promised relief, or they may simply return a short time later for a second attempt. Now you’re an easy money target.
Meanwhile, organisations such as REvil are service providers of Ransomware who provide other attackers with all the right tools to use them to attack the victims of their choosing. So, now there’s literally RaaS – Ransomware as a Service.
What You Can Do
Most importantly, businesses need to prepare for Ransomware threats. A business needs to protect against potential attacks so they don’t end up with a Ransomware headache. We have some very simple actions your business can do that are outlined below; the top five steps you can take:
Train Your People – Firstly, when traced back many successful ransomware attacks are caused by a careless or unaware user response to an email-based phishing attack. By getting your staff trained, they are less likely to fall for scams and handle their usernames and passwords with more care.
Implement Multi-Factor Authentication – Multi-Factor Authentication or MFA for short, is a second layer of identity authentication. So even if an attacker does manage to obtain staff credentials, they can’t get through the second layer of authentication. With no way to authenticate, it will prevent an attack from taking place.
Patch Your Systems – Exploiting vulnerabilities is a key weapon in the attacker’s toolbox and second only to phishing emails. As a result, the need to close the gaps is critical to guarding against the attackers. This means managing your vulnerabilities with a management regime. With so many of us working remotely, this often extends beyond the scope of an organisation.
Implement Controls – On servers and workstation, as well as the network and application layers, modern type security controls, are equipped to detect traditional viruses, malware through signature matching, behavioural analysis and spot any irregularities. For example, treated as a potential attack, stopped or blocked in its tracks, would be an unexpected application accessing file stores.
Have Detection and Response Plans – Lastly, it’s critical to be able to quickly detect a potential security incident and work out how to respond technically, operationally, and commercially. An agreed approach and response plan to ransomware is vital to recovery, you need
Communication and escalation plans
Allocation of duties
In- regard to payment
These shortlisted steps are by no means exhaustive and are part of your overall cybersecurity strategy, to reduce your risks. We would welcome the opportunity to discuss these in greater details, should you need further information.