The threat of ransomware isn’t going away – in fact, it’s worse than ever, with 28 reported attacks in the past three months.
That’s not a surprise, given how often victims pay fraudsters to free their infrastructure from the crippling malware. Experts urge organisations not to negotiate with criminal hackers, yet many – like the governments of Riviera Beach, Florida, and nearby Lake City – feel compelled to meet their demands.
Those two cases resulted in payouts of more than $1 million (£800,000), which outraged the cities’ citizens.
Unfortunately, the alternative can be a lot more costly, as Norsk Hydro discovered. The aluminium producer, which refused to pay for a decryptor to restore its systems after suffering a ransomware attack in March, recently announced that the decision has so far cost £60 million in lost productivity.
Norsk knew that playing hardball with the criminals would have severe consequences, but it believed that was preferable to paying money that would fuel the cyber crime industry.
Not every organisation will be confident enough in its long-term security to make the same choice, but we doubt any victim is happy to pay a ransom either. The only alternative is to pump resources into your defences to try to avoid being attacked in the first place.
That’s a tough ask – the number of recent infections shows how hard it is to avoid attacks – but there are some essential steps you can take.
Top tips for defending against ransomware
- Beware of MSPs (managed service providers). Criminals are increasingly targeting MSPs as weak spots where they can deploy ransomware. You should ensure that any organisation you work with has adequate security measures in place.
- Regularly back up your systems. This enables you to wipe your systems in the event of a ransomware attack and restore previous, accessible versions of your information.
- Apply patches as soon as they are released. Vendors often release updates that fix vulnerabilities that could be exploited. As soon as a patch is announced, criminals are alerted about the weaknesses, so you need to address the issues as soon as possible.
- Enable software features that stop malicious software from affecting a machine or limit its impact, e.g. exploit protection settings.
- Purchase antivirus solutions that can detect ransomware and alert IT to the attack.
- Deploy firewalls that use blacklists of known command and control centres, updated through security feeds. This prevents malware from contacting the criminals who planted it to get instructions or encryption keys, or to download additional malicious modules.
- Prepare for social engineering attacks. Many ransomware infections begin with staff opening phishing emails that contain infected attachments. You should teach employees how to spot and respond to malicious emails.
What should you do when you’re under attack?
If your defences have fallen short and you find yourself under attack, every second counts. You must respond quickly and follow a systematic, structured approach to the recovery process.
That is, of course, easier said than done, particularly if you don’t have a cyber security expert on board. Fortunately, IT Governance is here to help.
With our cyber security incident response service, expert consultants will guide you through the recovery process, from identifying the source of the breach and how to stem the damage to notifying the appropriate people and returning to business as usual.