Ransomware has now become a big problem for many businesses across Staffordshire. It can lock up your files and make you pay money to get them back. This article I (Gareth “the tech guy with the ‘tash” Westwood) will show how you can protect yourself and your business from ransomware and what to do in case of an attack.
What is ransomware?
Ransomware is a type of bad software or virus. It penetrates your computer, locks up your files, and then the ransomware gang ask you to pay money to unlock your files. This can be very scary and costly both in time, lost income and reputational damage.
How does ransomware work?
Ransomware usually gets onto a computer through email or bad websites. It can also spread through networks. Once it’s in, it starts to lock up your files using strong encryption (see our blog post about encryption). Then once all the files are encrypted you see a message asking for a payment in exchange for the key to unlock the encrypted files.
How can you prevent ransomware attacks?
As with any form of security a multi layered approach works best to protect against attacks. Here are some key steps:
Keep your software up to date
Always keep your computer and programs up to date. Updates often fix problems that ransomware uses to get in. Anyone that has a support contract with QCT will have their updates dealt with automatically by the system
Use good antivirus or EDR software
Get strong antivirus or EDR (Endpoint Detection and Response) software. Keep it turned on and updated. It can detect many kinds of ransomware. QCT’s Security software stack includes cutting edge EDR software
Be careful with emails
Don’t open emails from people you don’t know or that you are not expecting, someone you know and trust could get hacked. Don’t click links or download files unless you are sure they’re safe. If in doubt, give them a call but for goodness sake don’t use the number on the possibly suspicious email… Get it from their website or your phone book or an older email.
Backup, Backup, Backup
Ok, so technically this is not prevention as such, however…
Security systems and processes are only so good and honestly if a hacker really wants to get in then they will find a way. The only true protection is a good, tested backup AND an also well tested disaster recovery plan. That way, if ransomware locks your files, you’ll still have copies and can start the recovery process. If you don’t know what your Disaster Recovery and Business Continuity plans look like then stop reading this and drop your IT team an email.
What do you do if you get ransomware?
So you think you have ransomware? Don’t panic. Here’s what to do:
Disconnect from the network
Immediately disconnect your computer from the internet. This may prevent the ransomware from spreading or worsening. If you are on a wired connection then remove it from your device. If you are wireless then turn the wireless off. Details on how to do this vary
Contact your insurance company
This may sound like an odd thing to say here but your insurance company MAY require you to contact them BEFORE you do anything else, even calling your IT team. Check if your insurer has a 24 hour contact centre… if not… maybe change provider. They will then probably get you to contact your IT team or may even do that on your behalf. It has been known for well meaning but under trained IT people to make a situation worse by doing what they think is the right thing.
Don’t pay the ransom
We don’t pay ransoms… It incentivises the bad guys to keep doing it. If no one ever paid then they would very quickly loose interest and stop it. Consider too that there’s no guarantee you’ll get your files back.
Report the attack
I’m assuming if you are reading this that you are in the UK, I hope you are in Staffordshire, maybe even Stone, Stafford or Stoke… If you are then you need to report the incident to the National Cyber Security Centre. They can provide further help and assistance and advise if there are other organisations that you must, should or could contact.
I would expect your IT company to be helping with this, if they are not then maybe a contract renew is in order…
Use your backups
If you have backups, then you can restore your files from them. That is what backups are for, after all but make sure that it’s safe to do so, liaise with your insurance company and IT support team. There is no point restoring data to a computer or server that is still infected with the ransomware!!!
How can businesses protect themselves?
In addition to the items listed earlier in this post, here are a few additional bits that you can do to help protect your business from ransomware:
Train your employees
Train your employees about ransomware. Give them examples of what to watch out for, and what to do in case they encounter something suspicious.
Use strong passwords and 2 factor authentication
Ensure that everyone uses good passwords. Also, use different passwords for different accounts. This might make the ransomware spread more slowly. We highly recomend using a password manager such as the awesome bitwarden and even wrote a blog about password managers (this comes up a lot!)
Limit access to key files
One of the key principles of GDPR is to only allow people to access the files that they NEED to access. Not everyone needs access to every file and by only providing access to those needed to perform the job you can limit how far ransomware can spread.
Have a plan ready
I said this already but it’s worth saying again. Have a strategy in place, in case you become a target of ransomware. Exercise it. Preparation will make you swift and thereby contain the damages. The two key documents here are a Disaster Recover Plan (DR or DRP) and a Business Continuity Plan (BCP). The BCP talks about how to ensure you can keep working (taking orders, providing your work product) during an incident and the DR should detail HOW to recover when the proverbial hits the fan. Again, if you don’t have these two documents in place then you need to have a serious word with your Technology partner.
How is ransomware evolving?
Ransomware is getting newer tricks all the time. Watch out for these:
Attacks on phones and tablets
Not only computers but also your phones and tabs could be attacked by ransomware now. Be wary with all your devices.
Double extortion
Some ransomware now steals your data before it locks it. Then the bad guys threaten to share your private info if you don’t pay. This makes the attack even worse.
Attacks on cloud services
Many people are migrating to the cloud for storing data. Ransomware has started targeting those services too. Ensure your cloud accounts are secure.
Stay Safe and Prepared
Ransomware is a serious threat, but you can protect yourself: keep your software updated, be careful online, and always have backups. If you run a business, train your team and have a solid plan. Stay alert and ready.
Do not try to face ransomware on your own. Contact us if you need any help with ransomware or have additional questions.
—
Recent Comments