25 August 2017
Ransom-ware does not have to succeed
WannaCry ransomware made global headlines recently as it infiltrated thousands of SMBs as well as larger operations like telcos, schools and hospitals, including some large-scale victims like the UK’s National Health Service.
Be assured, this is not the first ransomware infection of its kind, and it won’t be the last. For most businesses, the question isn’t if they will be hit, but when. Cybercriminals are constantly releasing new variants with modified code that look to exploit fresh loopholes, so the ransomware threat will remain persistent.
The good news is that if you are prepared, ransomware does not have to succeed. The sensible course of action is to mitigate the threat and remove the chance of your business becoming a victim.
What is ransomware?
Ransomware is often spread via spam or targeted email campaigns. Clicking a link or attachment activates the malware. It then moves to encrypt all your critical data, locks your system and prevents you from using Windows.
To get access to your data, cybercriminals typically want the ransom paid via Bitcoin, as the digital currency is typically untraceable. If you don’t pay, you risk losing access to your data. If you pay, however, there is no guarantee you will get the data back. It is possible to decrypt an infected computer, but this depends on the level of encryption used.
What is WannaCry?
The now-infamous ransomware known as WannaCry, WannaCrypt or WannaCryptor 2.0 exploited a specific vulnerability in older versions of Microsoft Windows. What made these variants so dangerous was that the ‘worm’ could move to infect any connected computers in the network, even if they were protected by a firewall.
Protecting your business from ransomware
To avoid losing valuable time, clients and money, make sure your business has a plan to counter ransomware before an initial attack.
Have a solid, defensive backup strategy that includes a working backup of your data. Without a backup, you will be unable to recover the data after your systems have been compromised. Back up according to an established protocol and regularly test it to ensure the backup data is recoverable.
Ensure your organisation runs with updated software and the latest security patches. Anything older than Windows 10 could be vulnerable. This includes a properly configured firewall, and robust spam filters to prevent phishing emails from reaching your staff.
Look to your staff as the first line of defence against ransomware like WannaCry. They need to know what a phishing email could look like and be wary of clicking on any links and attachments. Develop an email security protocol that helps them identify anything suspicious.
Assuming you do get infected by ransomware, have a contingency plan to minimise the risk of it spreading. Look to identify the source of the infection and isolate the machine from your network as soon as possible. You can then work to have the infection removed.
Take these steps and you increase the odds of protecting your data – and your business.