How to prevent and recover from ransomware
Businesses are extra vulnerable to ransomware right now. Staff are more likely to be working on unsecured networks with default passwords, files are being transferred via email instead of secure server, and mobile devices are being targeted more often.
What is ransomware?
Ransomware is a malicious attack that locks or encrypts your computer and data, demanding a ransom to return access. Your files haven’t been lost but are encrypted. The cost of ransomware to New Zealand in 2019 may have been as high as $41m, estimates security firm Emsisoft. And according to a Skybox Security report, ransomware attacks have become more frequent during the pandemic.
Covid-19 provides an emotional hook for attackers to use at a time of heightened stress; scams have included communication masquerading as Ministry of Health or the World Health Organisation. Another new approach from attackers is to threaten the public exposure of sensitive data.
How to protect yourself from ransomware
Back up your files and set reminders to do it regularly. Use a trusted cloud-based storage or physical backups. A weekly backup is a minimum, and essential files should be backed up at least every 24 hours.
Always update your apps and operating systems because these include patches to security holes.
Don't enable macros in Microsoft Office. Macros automate common tasks, but they also pose a security risk; a malicious macro can act like a virus.
Install antivirus software and firewalls. If these are managed by a third-party, keep your contracts up to date.
Check that your antivirus platforms include protection against ransomware, as well as other security threats.
Offer regular cyber security training to staff, especially with information about remote work.
Set robust cyber security policies for regular software patching, sanctioned app usage, secure file transfers, strong passwords, and two-factor authentication.
Minimise your attack surface (the platforms vulnerable to attack) by limiting the systems exposed to the internet. For example, do not allow direct remote desktop access to your servers over the internet.
Use secure Virtual Private Networks (VPNs) for remote access.
Security is an ongoing process of continual improvement. Run security reviews regularly and track progress against your organisation’s desired level of risk and compliance.
I’ve been hit with ransomware. What should I do?
Don’t pay the ransom. There's no guarantee that your data or devices will be returned to you, and it encourages repeated attempts.
Your IT support can check if the ransomware is real; some attackers are bluffing, and your files aren’t encrypted. If it is real, IT may be able to remove it.
If your files have been backed up recently, you can restore the backups. If no backups are available, then the operating system or factory settings can probably be restored, but your files may be permanently lost.
After recovering your backups or restoring your factory settings, seek advice and install security to protect you from future attacks.
If you are concerned that you might have gaps in your security, Brightly can help. Get in touch.