Ransomware cyber attacks could leave you and your business without access to crucial IT services. Here’s how to deal with and prevent them.
Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. It came to public attention in the UK with the 2017 WannaCry attack that crippled the IT systems of several large organisations, most notably the NHS.
Preventing attacks before they happen is the best way to protect yourself. You can do this by:
Defending your email against ransomware – is mainly distributed through email phishing and spam. Secure Email Gateways with targeted attack protection are crucial for detecting and blocking malicious emails that deliver ransomware. These solutions protect against malicious attachments, malicious documents, and URLs in emails delivered to user computers.
Defending your mobile devices against ransomware—mobile attack protection products, when used in conjunction with mobile device management (MDM) tools, can analyze applications on users’ devices and immediately alert users and IT to any applications that might compromise the environment.
Defending your web browsing against ransomware—secure web gateways can scan users’ web traffic to identify malicious adverts that might lead to ransomware.
Monitor your server, network and back up key systems—monitoring tools can detect unusual file access activity, viruses, network C&C traffic and CPU loads, possibly in time to block ransomware from activating. Creating a full image copy of crucial systems can reduce the risk of a crashed or encrypted machine causing a crucial operational bottleneck.
If you do fall victim to an attack you should:
1 — Isolate the Infection: The rate and speed of detection is critical in combating fast moving attacks before they succeed in spreading across networks and encrypting vital data.
2 — Identify the Infection: Most often the ransomware will identify itself when it asks for ransom. There are numerous sites that help you identify the ransomware, including ID Ransomware. The No More Ransomware! Project provides the Crypto Sheriff to help identify.
3 — Report to the Authorities: You’ll be doing everyone a favor by reporting all attacks to the authorities. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for investigations, and contributes relevant information to ongoing cases.
4 — Determine Your Options:
Your options when infected with are:
Pay the ransom – this could make you a target in the future.
Try to remove the malware – if you can find a way to do this, it is the best option.
Wipe the system(s) and reinstall from scratch – whilst you may not want to do it, sometimes this is the only way to recover your systems without paying.
If you follow these instructions you will enhance your business’ cyber security by being able to prevent and deal with ransomware attacks.