Ransomware attack prevention – 5 ways to better defend against an attack
Ransom is defined as ‘the act of holding someone or something hostage in order to get a demand met, or the money paid to get the item or person back.’
Sounds awful, doesn’t it?
The maddening injustice. The pain. The worry. The personal invasion of someone physically taking something that belongs to you, and then selling it back to you.
This happens constantly in the digital world as well, under a term we all keep hearing: ransomware.
Ransomware is malicious software that’s designed to deny a user, or organisation, access to files on their own computer. The files are locked and encrypted, and the cyber attacker then demands a ransom payment before the victim is given access again.
It’s the kind of attack that takes advantage of any software, network or human vulnerability to infect the victim’s device, which could be a computer, smartphone, wearable device, point-of-sale (POS) terminal, or any other network-connected device.
On a personal or a professional scale, it feels like it is everywhere. That is because it is on the rise, reaching epidemic proportions.
In the recent InfoSec State Industry Report 2022, ransomware was voted the biggest threat vector (28%) by cyber security professionals. This comes after the number of ransomware attacks had jumped a colossal 148% during 2021.
It is wreaking havoc across many industries: financial services, transportation, charities and local governments, but also critical infrastructure.
Colonial Pipeline, a major US fuel pipeline, paid $4.4m to the hacker group DarkSide after the group compromised its network and took the pipeline offline in May 2021.
In June 2021, the world’s largest meat processing company, JBS, paid an eye-watering $11m ransom after a cyber attack threatened to interrupt the food supply chain.
Ransomware is costing UK companies alone around £346m each year.
Organisations can be placed in such a helpless position that just paying the ransom is the quickest way to recover their files and protect their business and its customers.
But the guidance isn’t to just give in to the extortion and pay the ransom, as this just encourages hackers to continue blackmailing. Furthermore, what’s to stop them just dumping any sensitive files on the internet after they have received the money? Or attacking the same company again?
So what IS the advice?
How can we prepare and protect ourselves from ransomware?
As the threat mounts, the initial step would be to educate employees about the techniques that attackers use. For example, hackers gain access via phishing emails, which are designed to deceive the recipient into believing the message is from a legitimate sender, tricking them into either giving information or performing an action (e.g. clicking a link). Once the recipient has done either of these things, the hacker has been let into the network. From here, the hacker can spend weeks inside the network, changing settings and waiting for the right time to initiate the attack.
Good practices such as multi-factor logins, password managers and regular monitoring, as well as common sense and vigilance by all, are a must. We cannot become complacent.
Keeping systems up to date and maintaining good hygiene is vital. Updating anti-malware and patching any vulnerabilities need to be done as quickly as possible.
How regularly do you back up your company and customer data?
The benefit of frequent data backups is that if your systems do become compromised, once the route of the attack has been detected, you will be able to restore your systems using your ‘clean backups’. A working backup should always be in place.
Preparation is important. Develop a plan for what to do when an attack does happen. This will enable the business to respond quickly and reduce any downtime.
Being able to identify and detect a breach quickly is also a key point.
Having full control and sight over a network is a huge benefit, but you need to know what to look for amongst the huge number of normal, everyday, legitimate events, sifting out just the abnormal or unusual actions and identifying them as threats.
A robust process of finding, ranking and addressing risks is essential.
Trusted Cloud is a unique technology that secures hardware through advanced cryptography, detecting hacking attempts in seconds, helping to minimise the impact of malicious activity.
Working in collaboration with the University of Oxford, CyberHive’s award-winning solution works to detect breaches in real-time, ensuring that no unauthorised code can run undetected throughout your entire server estate.
For more info on Trusted Cloud, and how it could support your business, contact – [email protected]