What is ransomware and how can your business defend against it?

Cyberattacks against businesses have become increasingly common over the last decade. A growing number of these attacks involve ransomware, a particularly venomous form of malware that can completely cripple affected networks. While most of the media attention is given to attacks on big businesses and organisations, like the Wannacry malware attack that hit the NHS in May of 2017, small businesses are also being targeted by cybercriminals.

What is ransomware?

Ransomware is a form of malware that encrypts the data on infected networks and locks users out of their accounts. Victims are unable to regain access to their data until a ransom is paid to the attacker, usually in the form of Bitcoin or another cryptocurrency.

Ransomware also often includes a countdown timer to further pressure the victim into paying the ransom. If the timer expires without the ransom being paid, the encrypted files are usually deleted and can’t be recovered.

Should you pay the ransom?

There have been a few recent cases of big businesses being hit by ransomware attacks and deciding to pay the ransom because it’s cheaper than the financial impact of losing their data and rebuilding the infected systems. As you would expect, law enforcement discourages businesses from paying any ransom demands. There’s no guarantee that the attacker will restore their victim’s access to data after receiving payment. Businesses that pay ransoms willingly are also more likely to be targeted in the future.

However, given how devastating the impacts of ransomware attacks can be, it’s understandable that some businesses feel they have no choice but to comply with the attacker’s demands. But by taking some simple proactive measures, businesses can protect themselves against ransomware and other forms of malware. They can also reduce the impact of any attacks that make it through their defences.

Below are some simple preventative measures recommended by the UK’s National Cyber Security Centre.

Make regular backups

Maintaining up-to-date backups of your business data will limit the potential damage that a ransomware attack can cause to your business. However, it’s important that your backups are stored on a separate network so that a ransomware attack on your business doesn’t affect your backed up data. Ideally, your data backups should include online and offline backups, both of which should be stored offsite wherever possible.

Prevent malware from spreading across your systems

You can do several things to reduce the likelihood of attempted malware attacks reaching your network and devices. One of the most effective steps you can take is to educate your staff so they can spot and head off the most common attack vectors.

Many ransomware attacks are executed remotely via compromised network devices. Enabling multifactor authentication for every network access point and using VPNs for remote access to services will make it more difficult for would-be attackers to compromise devices on your network. Using multi-factor authentication across your network can also help to improve network resilience by making it so that attackers can’t use stolen credentials to gain unfettered access to your network and systems.

Keep everything up-to-date

As soon as new vulnerabilities are discovered in existing hardware and software, cybercriminals will start devising methods for exploiting them. If security researchers discover these vulnerabilities, they usually won’t disclose them publically until the developers have released a patch to address the issue.

Once the vulnerability is known and out in the wild, it’s essential that every user applies the corresponding security patch, so they’re no longer vulnerable to attacks. Failing to keep systems updated makes a hacker’s job considerably easier. A significant portion of successful cyberattacks against businesses succeeds because of their failure to keep their systems and software updated.

Security updates won’t protect you against zero-day attacks, which exploit hitherto unknown vulnerabilities. However, zero-day attacks are comparatively rare; most cyberattacks utilise known vulnerabilities and exploits.

Lockdown your devices

While you should take every possible measure to prevent malware from reaching your devices, you shouldn’t assume that it will never happen. In fact, you should assume the opposite; that malware will eventually reach at least one device on your network.

The measures you can and should take to prevent malware from infecting your devices and compromising their security will vary depending on the device type and operating system. You should start by looking at device-level security features and configuring each device to maximise its security against malware.

Installing antivirus and anti-malware products centrally can offer excellent protection across your entire network. Pairing this with device-specific solutions further improves their resilience to ransomware.

Finally, configuring your network so that only approved and trusted applications can run will make it much harder for attackers to plant and execute malicious code on any device connected to the network.

Outsource your IT security

With cyberattacks becoming more common every year, businesses need to invest in proper IT security. Of course, not every business has the resources in-house needed to set up robust cybersecurity defences. Outsourcing IT services to external businesses like ours enables any business to benefit from well-trained and experienced security professionals without having to shoulder the costs of cybersecurity training themselves.

CARA works with more than 100 clients, mostly SMEs, to provide them with professional, forward-thinking IT services with a particular emphasis on cybersecurity and protection from cybercrime. Contact us today to find out more about the services we provide and how we can help your business achieve its IT goals.