How to defend against ransomware

Ransomware is a type of cyber crime in which a criminal deliberately encrypts your data and demands a ransom to release it. Such an attack can be crippling for any firm. Recently Norsk Hydro suffered a ransomware attack which shut down its global operations and cost around $30m to recover from.

How do I protect my data?

What steps can any firm take to protect itself from ransomware? Below you will find the key steps to protecting your client data from ransomware.

Awareness – Ensure staff are aware of the threat from cyber criminals. There are plenty of training resources available to help staff become aware, much of it free. The NCSC provides cyber security training for staff.

If you and your staff are aware of the threat from phishing emails, malicious websites and opening unexpected files then you are in a strong position to defend your IT assets.

Use an email spam filter – Many cyber attacks are delivered via email. By using a spam filter you can reduce the number of times you are exposed to malicious emails.

Patching – Keep operating systems, applications and firmware up to date. Criminals exploit system vulnerabilities to gain access to your data. Keeping systems up to date is just one of the 10 Steps to Cyber Security. You can read about all the steps here on our cyber hub.

Control access to data – In smaller firms it is typical for staff to have access to every system. However, if one PC is infected with ransomware then data stored in every system that PC can reach could also be encrypted. Consider using separate login IDs and passwords for each system. Only give staff access to the systems that are essential to their daily activities.

Have a good authentication policy – Make sure you use good passwords and turn on 2FA whenever possible. Using three random words is a great way to remember complex and hard-to-guess passwords.

Data backups – Having a good data backup plan is the key protection against ransomware. If your data is regularly backed up then in the event of a ransomware attack you will be able to restore your data from the unencrypted copy.

It is worth keeping in mind that if you use services like Dropbox or OneDrive then encrypted files may well be automatically copied to the remote cloud service. While data synchronisation services can protect you against some issues (theft and hardware failure, for example) they are not a replacement for a full backup. The same is true of automated scheduled backups. If you back up your data once an hour then you may need to stop the automated backup the moment ransomware is found. Otherwise the next scheduled run may replace your good copy with the encrypted files.

You must regularly test the backup process to ensure that you can restore data.
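The two backup caveats above, a scheduled job that must not overwrite its last good copy once files start being encrypted and a restore process that must actually be tested, as an added example in Python. It is not code from the original article: it keeps numbered snapshots rather than a single overwritten copy, refuses to run when an abnormally large share of files has changed since the previous snapshot (a simple mass-encryption tripwire), and verifies a restore by re-hashing the restored files against the snapshot's manifest. The directory layout, the 50% change threshold, the number of generations kept and the sample client files are constructed assumptions.

```python
"""Versioned backup with a mass-change tripwire and a scripted restore check (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

SNAP_PREFIX = "snap-"
MANIFEST = "manifest.json"  # stored beside each snapshot's data directory, not inside it


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def changed_fraction(previous: dict, current: dict) -> float:
    """Share of previously backed-up files that are now altered or missing."""
    if not previous:
        return 0.0
    changed = sum(1 for rel, digest in previous.items() if current.get(rel) != digest)
    return changed / len(previous)


def _snapshots(dest_root: Path) -> list:
    return sorted(p for p in dest_root.iterdir() if p.is_dir() and p.name.startswith(SNAP_PREFIX))


def take_snapshot(source: Path, dest_root: Path, keep: int = 5, change_threshold: float = 0.5) -> Path:
    """Copy source into a new numbered snapshot; halt if too much changed since the last one."""
    dest_root.mkdir(parents=True, exist_ok=True)
    current = build_manifest(source)
    existing = _snapshots(dest_root)
    if existing:
        previous = json.loads((existing[-1] / MANIFEST).read_text())
        frac = changed_fraction(previous, current)
        if frac > change_threshold:
            # Ransomware rewrites most files at once; an ordinary working day does not.
            raise RuntimeError(f"{frac:.0%} of files changed since last snapshot; refusing to back up")
    index = int(existing[-1].name[len(SNAP_PREFIX):]) + 1 if existing else 0
    snap = dest_root / f"{SNAP_PREFIX}{index:06d}"
    shutil.copytree(source, snap / "data")
    (snap / MANIFEST).write_text(json.dumps(current))
    for old in _snapshots(dest_root)[:-keep]:  # retain only the newest `keep` generations
        shutil.rmtree(old)
    return snap


def verify_restore(snap: Path, restore_dir: Path) -> bool:
    """Restore a snapshot and confirm every file hashes to what the manifest recorded."""
    shutil.copytree(snap / "data", restore_dir, dirs_exist_ok=True)
    expected = json.loads((snap / MANIFEST).read_text())
    return build_manifest(restore_dir) == expected


def demo() -> dict:
    """Constructed scenario: routine snapshots, a restore test, then a simulated mass encryption."""
    base = Path(tempfile.mkdtemp())
    src, backups, restore = base / "clients", base / "backups", base / "restore"
    src.mkdir()
    for i in range(10):  # constructed sample client files
        (src / f"matter{i}.txt").write_text(f"client file {i}\n")
    take_snapshot(src, backups)
    (src / "matter0.txt").write_text("an ordinary edit\n")  # 10% change: within threshold
    second = take_snapshot(src, backups)
    restored_ok = verify_restore(second, restore)
    for p in src.glob("*.txt"):  # simulate ransomware: every file replaced with random bytes
        p.write_bytes(os.urandom(32))
    try:
        take_snapshot(src, backups)
        halted = False
    except RuntimeError:
        halted = True
    result = {"snapshots": len(_snapshots(backups)), "restore_verified": restored_ok, "halted": halted}
    shutil.rmtree(base, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(demo())
```

The threshold is deliberately crude: it will not catch slow, file-by-file encryption, so it complements rather than replaces an offline or versioned backup that the infected machine cannot write to. The restore check is the part most firms skip; running it on every snapshot is what turns "we have backups" into "we can recover".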

Have a business recovery plan – Have a plan for how your firm would recover from an incident. Consider the types of incident that could impact your organisation. These could include fire, theft and failure as well as ransomware or other cyber attacks. Our Tech Essential Guide to Cyber Recovery provides some thoughts on how to recover. Once you have developed a plan you need to test it. If you ever have to use the plan it is essential to learn from the incident and update your plan accordingly.

Do not pay a ransom – By paying a ransom you are funding organised crime. You can report a cyber crime to Action Fraud. There is no guarantee that the criminal will decrypt your data even if you do pay the ransom.

Cyber crime is indiscriminate and can affect a firm of any size. By following the steps outlined above your organisation will be in a strong position to resist ransomware and other types of cyber crime.