Once again the news has informed us that Australian-based companies have been affected by ransomware attacks.
It seems that we’ve only just put the WannaCry virus behind us, and now the Petya/NotPetya virus is doing a similar thing and affecting significant businesses such as Cadbury and TNT Express.
What is Ransomware?
Ransomware, in essence, attacks a company’s file system by encrypting data and demanding payment of a ransom (usually paid in Bitcoin) in order to receive a code to unlock the encrypted files.
You should NEVER pay the ransom!
Although most attackers will provide you with the key to unlock your files when you pay the ransom, there is no guarantee that they will not reinfect you – if they have not done so already. Chances are, if your system is infected, they have left a backdoor open for access at a later date.
While ransomware is the fastest growing malware threat and is always evolving, mitigating the risk to your business is simple and involves three things: User Awareness, Threat Detection, and Data Backups. Building a security strategy for your business around these three things will ensure that your data is protected.
Ransomware inevitably gains access to a company’s systems through some sort of user interaction. This could be opening an infected attachment on an email, clicking a link on a website that redirects to an infected site, or downloading an infected file.
Here are a couple of things that users should be aware of as a first line of defence:
Just because the email says it’s from PayPal doesn’t mean that it is.
Always check the sender’s email address before opening attachments on unknown emails. Many times, you will find that unexpected notifications of “account issues” have an email address like *@pay-pal.com or something else other than the company’s actual address – or that the mystery package notification was sent by *@aust-post.com.au.
Check that the link that you are about to click on goes where you think it does.
If you hover your cursor over a hyperlink there will generally be a popup showing you the address of the site you are about to access. If you are unsure of the location, don’t click on the link.
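The sender-address check described above can also be applied automatically to incoming mail. The following Python is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the function names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domains this organisation genuinely receives mail from.
TRUSTED_DOMAINS = {"paypal.com", "auspost.com.au"}

# Constructed sample From: headers, modelled on the addresses in the article.
SAMPLE_HEADERS = [
    "PayPal Service <service@pay-pal.com>",
    "Australia Post <noreply@aust-post.com.au>",
    "PayPal <billing@mail.paypal.com>",
    "Newsletter <news@example.org>",
]

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")

def _skeleton(domain):
    # Drop separators and undo common digit-for-letter swaps (0->o, 1->l)
    # so that "pay-pal.com" and "paypa1.com" collapse to the same string.
    stripped = domain.replace("-", "").replace(".", "")
    return stripped.translate(str.maketrans("01", "ol"))

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    # Exact match or a genuine subdomain of a trusted domain.
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    # Not trusted: is it suspiciously close to a trusted domain?
    for good in sorted(trusted):
        if _skeleton(domain) == _skeleton(good):
            return ("lookalike", good)
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return ("lookalike", good)
    # "unknown" means unverified, not safe: the display name proves nothing.
    return ("unknown", None)

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to quarantine or tag the message for review; an "unknown" verdict still needs the same caution a user would apply by hand.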
We all know that in this day and age you should have some sort of antivirus or anti-malware software installed on your computer to protect you from viruses. Unfortunately, a lot of the time with these new breeds of virus, simply having antivirus installed is not enough.
Most antivirus applications are effective at scanning files and downloads for known viruses but are slow to pick up on new threats and to detect malicious behaviour. This is why ransomware is so prevalent and where an additional level of protection is required.
Products such as Cisco Umbrella provide a level of threat detection between the local computers and the Internet to detect potential threats before they gain access to your network. Always on the lookout for anomalous behaviour, Cisco Umbrella can collate data about potential threats on a global scale and apply that knowledge in real time to protect your business.
Backups of your data are always there to protect you against the worst-case scenario, whether this is critical failure of hardware, force majeure or other situations where your data becomes unavailable. However, backups, when implemented properly, are also a fantastic way to mitigate the threat of ransomware.
Since ransomware affects file systems from a certain point in time, a backup strategy which provides incremental snapshots of file changes will allow you to restore affected files from before the time of the outbreak. Obviously, restoring files from backups can cause some disruption to business activities, but this pales in comparison to the impact of losing data.
If you are concerned about the potential threats to your business and want to make sure that your security strategy is up to date, the team at Resolution Technology is available to help.
With legislation taking effect from 22nd February 2018 for notification of data breaches, there has never been a better time to ensure that your business is protected.