Intersys Logo
Menu

Managed IT Support

A Reasonable, Fixed Monthly Fee for All Your IT Needs
Managed IT Support Provider

Consulting Services

The High Level IT Consulting Services You Need to Transform Your Business
Get IT Consulting Services

Cyber Security

A Comprehensive Range of Cyber Security Services for Robust, Industry-Leading Protection
Get Cyber Security Services

IT Solutions

Whatever your IT needs, we'll create a tailormade solution for you
Get IT Solutions

Ransomware Prevention and Advice: What Every British Organisation Needs to Know

If it feels as though ransomware stories are making the news more often these days, you’re not wrong. Some of the most recent headline-grabbing ransomware attacks include  Royal Mail suffering what is believed to be a Russia linked-campaign, as well as last month’s suspected ransomware attack on The Guardian’s IT systems.  And according to recent research, the UK suffers the third highest number of ransomware attacks globally, with small businesses in particular becoming a prime target for ransomware criminals.

In 2020 alone, cryptocurrency ransomware payments totaled roughly $350 million according to Chain Analysis. At The Cipher Brief Annual Threat Conference, Fleming explained “[...] the reason it is proliferating is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested.”

With this troubling news in mind, here’s our advice for ransomware prevention.

What is ransomware?

Ransomware is malicious software, or malware, that locks your computer, or encrypts your files, until you pay a ransom. Some ransomware can even infect whole networks. Once it has locked you out of your computer, or encrypted your files, it will post a message instructing you to pay a ransom in order to regain access to your files. The size of the ransom demand varies and must usually be paid in a cryptocurrency such as Bitcoin. One of the most infamous ransomware attacks was WannaCry (believed by most experts to have originated in North Korea) which brought the NHS to a standstill in 2017. According to Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), of all cyber threats, “ransomware presents the most immediate danger to the UK, UK businesses and most other organisations – from FTSE 100 companies to schools; from critical national infrastructure to local councils.”

How did ransomware get on my computer?

Typically, it is downloaded onto a computer when a user is tricked into opening an email attachment via social engineering cybercrime. This can take many forms, including phishing, smishing or vishing attacks. Some cyber criminals even use software such as EvilProxy to bypass multi-factor authentication.

You can also unwittingly download ransomware by clicking a link or visiting a website that’s embedded with malware. Ransomware can also be introduced to a computer system by connecting an infected device, such as a USB stick.

Does ransomware steal personal data?

Potentially. In the first half of 2020, just over 11% of ransomware attacks also included overt data theft. Often this stolen data is used to intimidate ransomware targets into paying up, by threatening to leak their confidential data online. The actual percentage of attacks including stolen data may be much higher however, as some attackers covertly steal data to sell on the dark web.

Does paying ransomware work?

Although the temptation to pay the ransom may be strong, doing so offers no guarantees that you will get your files and/or computer access restored. Furthermore, doing so may make it more likely you will be targeted again. The British government and public sector do not pay ransoms, and the NCSC advises against doing so. “We would say we would prefer people not to pay because that’s what keeps the UK safest collectively,” said Cameron.

Should I report ransomware to the police?

If you are the victim of a ransomware attack, you should report it to the NCSC. Victims in England, Wales or Northern Ireland should also report the attack to Action Fraud, the UK’s national reporting centre for fraud and cybercrime.

Under GDPR, a ransomware attack is considered a data breach, so you must also report it to the Information Commissioner’s Office (ICO) within 72 hours.

 

How is ransomware detected?

By the time you see the ransom demand, the damage has already been done. To prevent losing access to your data, ransomware needs to be detected before it’s had time to complete the encryption process. This is far from easy as ransomware typically operates in the background to avoid detection. In addition, the virus often hides inside another, innocuous-looking, program. However, if you suspect that your files are being encrypted, put your computer into hibernation mode and contact a cyber security specialist.

Can you get rid of ransomware?

Unless you pay the ransom – which is not recommended (see above) — decrypting files encrypted with ransomware is next to impossible. It goes without saying that the best way to protect against ransomware is to take steps to prevent it from infecting your computer system to start with; and have a good back-up and recovery plan in place to mitigate against an attack should one occur.

Ransomware Prevention

Depending on the scale and nature of your organisation, strategies for protecting against ransomware range from simple to complex. Organisations that hold sensitive data will almost certainly need to employ the services of cyber security specialists.

At a minimum, all organisations should employ the following:

Keep software up-to-date
  • Don’t use outdated software, or make exceptions for older or obsolete systems, unless the risks are analysed and they’re separated from the rest of your infrastructure
  • Make sure all systems are patched in a timely manner
Educate your workforce
  • Provide regular, ongoing training in good cyber security hygiene so that your workers know how to spot fraud and phishing emails more easily
  • Instil in them the importance of not sharing personal details with unsolicited callers, or in response to unsolicited emails, as well as taking care with what they share on social media.
  • Remind workers to never use unknown devices such as USB sticks
Control access
  • Operate on the principle of least privilege, or even Zero Trust. Read our blog post to understand the basics of this security concept.
  • Review and remove unnecessary user permissions regularly
Backup your files
  • Test backup plans and ensure you have offline historical archives and backups (disconnected from live systems)
Other tips:
  • Never run macros, software, services or visit links you don’t trust fully
  • Employ security controls on ‘Bring Your Own Devices’ and centrally manage them
  • Use MFA and password vaults
  • Use sandboxing tools
  • Don’t use public wifi without a VPN
  • Perform due diligence on your suppliers
  • Audit your network regularly to spot changes

Says Fleming, “It’s not rocket science to defend against this sort of stuff; we know that if you do fairly basic cyber security … you’re going to protect yourselves or at least make you harder to attack than competitors, and therefore you won’t be as much of a target.”

Intersys is a cyber security specialist offering ransomware data recovery services for all organisations. We also help businesses implement the cyber security, and data backup and recovery best-practice that helps protect them from this growing threat.

Stay up to date with IT Industry news

Subscribe to our newsletter

Please enable JavaScript in your browser to complete this form.

Subscribe to our newsletter

Please enable JavaScript in your browser to complete this form.

In other news

December 4, 2023

A Haven of Hope

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram