How to Deal with Ransomware

A digital security risk that appears to be becoming more prominent in the mainstream media is ransomware. Stories are beginning to surface more and more frequently, both highlighting the sheer volume of attacks and also focussing on the more targeted examples of hospitals and schools who have been left helpless. As the name suggests, Ransomware is a form of malware that encrypts your data so that it becomes unreadable, and then proceeds to extort money from you to receive a code that unlocks it. Traditional blackmail revolutionised for a digital age.

Ransomware is generally distributed via email, with the recipient inadvertently clicking on a malicious website link, or opening a harmful attachment. Adverts on web pages are also a threat, as they too are able to gain access to your data through the accidental click of a button. For individuals, losing access to your data can range from annoying to severely damaging. In the case of the hospital who had its files locked away, it could have potentially been fatal to some of the patients who relied on what was written.

The most important thing under these circumstances is always to report the ransom to the police. Not only could the impact of having your data withheld be monumental, the huge costs in paying the extorter could be too. Even if you do agree to give in and pay up, that still isn’t any guarantee that your information will even be released. The key to preventing this eventuality is vigilance. Always be careful about what you open and where click when on the web. If it doesn’t look trustworthy, then steer well clear.

That advice is all well and good for an individual on their home computer perhaps, but for businesses prevention is a little more difficult. The most effective route is through education. By educating your staff you can be sure that they are aware of the risks and what measures must be taken to avoid them. Another preventative measure is the use of malware protection. All PCs and file servers must have an application that stands as a barrier against attack. Once installed, keep it regularly updated and always be on the lookout for an upgrade should more advanced protection be available.

Those are the two most effective ways of preventing an attack, but neither can guarantee 100% that something won’t make it through. To counter that, you must integrate a data backup regime. Regular backups are insurance against data becoming encrypted and unreadable. These backups should be tested to make sure that the data is clear of any viruses, and you should always make sure that your system is completely clean again if you are reintroducing the files after an attack.

One of the things that makes implementing these measures in a business setting difficult is the inconvenience. From having to arrange tutorials that staff can learn from, to ensuring that backups are actually recording the right information, everything about the process is tedious. Unfortunately, this doesn’t make it any less vital. The damage that a ransomware attack can do is huge. Think of everything that is important on your system becoming unreachable, and your company being unable to fulfil its obligations as a result. A scary thought. By implementing these very simple aspects, your risk of attack is severely reduced, and the impact softened should the worst happen.

If you have any concerns regarding your vulnerability to cyber attack, please get in touch.

Finalists in the Comms Business Awards 2016
The Rise of Targeted Phishing