Ransomware is an insidious attack vector that is gaining popularity daily, so much so that security experts are seeing reductions in other types of attacks in favour of ransomware. This is primarily because it is more profitable and easier to administer than more traditional malicious attacks. That means every business, everywhere, needs to protect itself from ransomware.
So what exactly is ransomware and what can you do about it?
What is ransomware?
Imagine this scene: you are compiling the month-end sales report and have spent three days collating, sorting, defining and refining your work. You go to get a coffee and come back to see a warning notice on your desktop.
‘The files on this computer have been encrypted. You have 96 hours to submit payment to receive the encryption key, otherwise your files will be permanently deleted.’
Ransomware comes in a couple of forms, encryption ransomware and locker ransomware, but they both do much the same thing.
Encryption ransomware does just that. It encrypts the contents of your hard drive and gives you a Bitcoin address to send a cash sum in return for the decryption key.
Locker ransomware locks you out of your computer until you pay the fee. The hard drive isn’t encrypted but all input is locked down until a specific key is entered.
Both kinds of malware use social engineering to get you to pay up. The notice will often be polite and include a timer with anything from 24 hours to 7 days to pay. Most instances of malware will also spread themselves to other computers within your network and avoid traditional antivirus detection.
If that wasn’t bad enough, some ransomware variants can include your computer in a botnet to infect others and collect personal data from your hard drive and upload it to the criminal’s server!
Ransomware spreads mainly through infected emails but will use whatever means necessary to get to you. It can also exploit vulnerabilities in software, hide in infected websites, or arrive through drive-by downloads (infection from visiting an infected website) or malvertising campaigns.
How can small businesses protect themselves from ransomware?
As if you didn’t have enough to do during a working day, you have IT security to consider too. Fortunately, many of the ways to prevent ransomware are also good IT practice and can protect you from other threats as well.
1. Instigate a regular backup schedule
If you use a computer for work, you should back it up. Backup solutions can be simple and cheap or complex and expensive. There is no excuse to not use one.
2. Use quality antivirus and anti-malware products
How much is your data worth? Investing in good quality antivirus and anti-malware solutions that include zero-day and heuristic scanning can go a long way towards protecting you from ransomware.
3. Keep your systems updated
OS and software updates often include protections for the latest threats, so keeping your infrastructure up to date can go a long way towards avoiding issues. They also include features and bug fixes, which is a bonus.
4. Use quality email software
If you have an Exchange server, configure it to strip or expose file extensions. Keep an eye on spam filters and remove attachments from unknown senders. If you use webmail or local email servers, you can configure them to do much the same thing.
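The attachment check described above, sketched as an added example (not code from the original article or from any mail product): it flags attachments whose real extension is executable, including names that hide it behind a harmless-looking one, and removes them from the message. The extension lists, addresses and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your own mail policy.
BLOCKED = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar", ".lnk"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def classify(filename):
    """Return why an attachment name is risky, or None if it passes."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in BLOCKED:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        # The real extension hides behind a harmless-looking one.
        return f"double extension {suffixes[-2]}{suffixes[-1]}"
    return f"blocked extension {suffixes[-1]}"

def strip_risky(raw):
    """Parse a raw message, drop risky attachments, return (message, findings)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in list(msg.iter_attachments()):
        fname = part.get_filename() or ""
        reason = classify(fname)
        if reason:
            findings.append((fname, reason))
            msg.get_payload().remove(part)  # detach from the multipart container
    return msg, findings

def sample_message():
    """Constructed test message: one harmless and one disguised attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "staff@example.com", "Invoice"
    m.set_content("Please see attached.")
    for fname in ("minutes.docx", "invoice.pdf.exe"):
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_string()

if __name__ == "__main__":
    clean, findings = strip_risky(sample_message())
    for fname, reason in findings:
        print(f"removed {fname}: {reason}")
    print("kept:", [p.get_filename() for p in clean.iter_attachments()])
```

This inspects top-level attachment names only, so archives and nested messages still need a content-aware filter.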
5. Train staff in safe internet and email use
Aside from drive-by downloads, all ransomware threats need some form of human interaction to work, whether that’s opening an infected email, executing an attachment, visiting a link to an infected site or sharing a funny email with colleagues. Educating staff could avoid 99% of these threats.
6. Lock computers down
Some simple tweaks can help: disabling remote desktop, preventing access to AppData or LocalData folders, restricting user accounts to guest level, enforcing UAC, disabling OneDrive or other cloud storage, disabling Office macros and more.
7. Traffic filtering
If you’re on the internet a lot, utilising a form of traffic filtering to analyse traffic in and out of your office could help. It will not only tell you what’s happening on your network but can also alert you if something is wrong.
8. Use a hardware firewall
Hardware firewalls are dedicated devices that sit between your office network and the internet. They analyse all traffic in and out and will block anything they don’t like. They can also be programmed to look out for specific behaviours and traffic types. Businesses of all shapes and sizes should invest in a good quality firewall.
9. Familiarise yourself with ransomware decryption
Now that ransomware has been around a while, some security companies have developed tools to decrypt your data without your having to pay the ransom. Kaspersky are one of the many companies offering free downloads. AVG are another.
10. Outsource your security if you don’t have the time or expertise
The average SME runs lean. They don’t have the luxury of a Cisco-certified security expert or IT administrator. If you don’t, work with someone who does. It may cost money but so will losing everything you have worked for.
Excalibur specialises in protecting businesses like yours from ransomware and other security threats. Talk to us today to see how we can help protect you.