Last week, we looked at preventative measures against a DDoS (Distributed Denial of Service) attack, which sets out to achieve two things: ransom and taking the target offline. This week, we offer 5 tips to help combat Ransomware.
What is Ransomware?
Ransomware is a form of malware that may threaten to release proprietary information, or to crypto-lock (freeze) or wipe your data. Hackers will demand a ransom payment (often in untraceable cryptocurrency such as bitcoin) in exchange for your data. However, there is no guarantee: even when an individual or organisation complies, their data may never be recovered. According to a ‘State of Email Security 2021’ survey, 52% of victims of ransomware attacks in 2021 paid out, of which 34% failed to get their data back, despite paying the ransom.
In May of this year, a major US fuel pipeline, Colonial Pipeline, paid out £3.6m following a Ransomware attack.
What not to do
It’s understandable that many organisations want the matter resolved as fast as possible and whilst it may be tempting to throw money at the problem, there are no guarantees, and you may only be supporting future attacks. Our advice would be:
- Don’t pay up – this won’t stop them from targeting you again and will only encourage them to continue their criminal activity
- Don’t attempt to negotiate
Instead, use these 5 steps to recover as quickly as possible
- Immediately remove your affected PCs and servers from the internet and shut down business-critical systems
- Connect with your IT support team or organisation to help isolate and recover affected PCs or servers
- Check your backups. If these are in the cloud, do not attempt to check them with an infected PC
- Report all incidents to the National Cyber Security Centre (NCSC) and the authorities via Action Fraud
- Patch any systems that may have led to the ransomware attack and be sure to monitor closely for further malicious and suspicious activity. Our previous blog highlights some areas you may want to monitor.
Prevention is the best way to combat Ransomware
- If you have not yet been targeted, then make sure you check your defences
- Conduct an audit of your remote workforce’s local infrastructure (secure Wi-Fi, device encryption, etc)
- Ensure you have an adequate and working firewall
- Keep all your PCs and applications up to date with the latest patches
- Back up your data and perform tests to ensure you can recover it. Read our blog ‘7 Practical Tips To Prevent Ransomware Attacks On Backup Storage’
- Consider two-factor authentication such as Okta. This is more vital than ever, with more remote workers since the COVID pandemic
- Educate your staff on cyber security. Most organisations offer mandatory training sessions that often take no longer than half an hour to complete.
- Get a security audit or consider Cyber Essentials certification.
Check in next week for our guide ‘Getting the best from your Firewall.’ Meanwhile, see how amatis can help elevate your cyber security.