How to stop your business from being held to ransom
Ransomware is a threat that comes in many shapes and sizes. It encompasses all malware that holds data hostage, usually in exchange for payment. This can mean encrypting an organisation’s data to stall operations until it is released, or taking the data and threatening to release it publicly if payment is not made. It can target one particular user in an organisation, the entire workforce in a company, or even multiple companies at once.
As well as operating in different ways, ransomware can also infiltrate a network through a number of methods, including (but not limited to) phishing campaigns, exploit kits, zero days or malvertising.
Ransomware also comes loaded with a moral conundrum for companies – by paying to recover their files they fund the criminals and the development of more sophisticated ransomware. It is a vicious cycle that means the problem isn’t going anywhere.
WannaCry: the zenith of ransomware
While ransomware attacks date back as far as 1989, most security professionals’ minds will jump to the global WannaCry attack, in May 2017. Here, hackers used a technique that combined their ransomware with the NSA hacking tool EternalBlue – turning WannaCry into a cryptoworm that could self-propagate, needed no user interaction, and consequently spread at a rate never seen before. Over 230,000 computers were hit across the world, with huge organisations such as the NHS, Nissan, and FedEx among those affected.
The impact of the WannaCry attack was immense – it cost the NHS alone nearly £100 million, and was the first cyber crime to lead to a meeting of the UK government’s emergency COBRA committee.
The variation in the victims of the WannaCry attack (with other affected organisations ranging from car manufacturers to police forces), demonstrated that no one is safe when it comes to this type of hack. Although the WannaCry epidemic has passed, hackers are still using EternalBlue, and research suggests that it’s now even more popular than it was when the WannaCry attack happened.
With the threat of a ransomware attack still very much at large, businesses need to take proactive measures prepare and protect themselves.
How to prevent your business from being held to ransom
In spite of the many forms and methods of ransomware, it remains just another class of malware, and there are best-practice steps that can be taken to dramatically reduce the chance of that dreaded demand screen appearing on your company’s computers:
Ensure your antivirus is up to date. This is a simple piece of advice, but one that people continue to forget. Antivirus is not going to completely solve the problem – it is based on known signatures, so new types of malware (which are constantly being developed) will likely slip through the cracks. However, you don’t want to be caught out by known malware, and ensuring your AV is installed and updated across all endpoints works as an effective first line of defence against many ransomware strains.
Patching. Again, this seems fairly obvious, but a world-wide apathy towards patching is effectively what allowed the WannaCry attack to cause the devastation it did. While employees may think updating their applications is time consuming and disruptive (admit it, how many times have you clicked ‘no’ on a Windows or Apple notification to download the latest software), it is necessary to fix system bugs and vulnerabilities. The IT department’s struggle is how to enforce company-wide update. But the simple fact is that failing to update means leaving your business open to cyber attacks.
Employee education. Educating your employees is crucial. Carry out a security awareness training programme so that staff know how to be diligent in the face of potential cyber attacks – and that the questions such as ‘do I know this sender?’, ‘did I order this product?’ and ‘is it safe for me to click this link?’ are at the forefront of all employees’ minds. Your business is your staff, and increased security knowledge will be a huge help in preventing you from falling victim to a ransomware attack.
Filter email servers. While WannaCry used an NSA tool to break into networks, most ransomware attacks will use much more simple infiltration methods, relying on poor security practices. One of the most common ways that ransomware (and malware generally) reaches victims is through email phishing campaigns. While employee education is important, it can only go so far – sooner or later someone will slip up and click a dodgy link if the proper protections are not in place. To lower the risk of malware entering your organisation’s inbox and infiltrating your network, you should use software that blocks executable content. Stop these emails, and you’ll massively reduce the risk of a cyber attack.
Limit employee access to company data and dangerous online content. Again, this is about limiting the opportunity for your employees to put your company at risk. Does everyone in your company have access to everything on your organisation’s system. If so, is that really necessary?
The weakest point in your network always is and always will be human error – with research showing that staff are constantly downloading files they shouldn’t, and click dodgy links in their emails. Limiting staff access will go a long way to reducing the threat surface.
Internally, you should limit the data that employees have access to so that Jim from HR’s computer being compromised won’t mean that valuable financial information – that Jim shouldn’t have access to anyway – gets into the hands of the attackers. Externally, limit the ways in which employees can endanger themselves. Use web security tools to monitor the sites your employees visit and restrict access to anything that is potentially dangerous. Limit the authority to install software only to those who need it. These steps will seriously reduce the odds of Jim inadvertently downloading ransomware, and even if he manages to, it will mitigate the damage that can be done.
Don’t forget to secure your cloud applications. We’ve covered off email and web threats, but one malware channel that organisations typically overlook is the cloud. Cloud applications have brought a great deal of benefits to organisations, but also many potential points of vulnerability. The average organisation uses 1,000 cloud applications and a vulnerability in just one could be a potential door for ransomware to infiltrate. As we have previously discussed, cloud-only malware is on the rise, and has a completely different modus operandi to traditional malware. To combat this emerging threat, organisations need to establish visibility and control over their cloud applications and begin to treat it in the same way they’d treat emails: scanning for malware and acting swiftly to quarantine threats.