What is ransomware? How to protect your business

What is ransomware and how does it work?

Ransomware is a type of malicious software (malware) that can affect individuals and businesses alike. Ransomware attacks are designed to render your data and information unusable, either by blocking access to vital business information or by encrypting your data or files so that you can no longer use or access them. Hackers typically demand a ransom in exchange for the decryption keys and recovering your business information.

Ransomware has been around even before modern computers existed when criminals would hold encrypted files hostage for payment via post. Today, cyber criminals usually expect the ransom to be paid in decentralised cryptocurrencies like Bitcoin.

How common is ransomware?

A cybercrime is reported every eight minutes in Australia, and there were nearly 500 ransomware reports in 2021, according to the Australian Cyber Security Centre. Cyber criminals prefer to target institutions, large businesses, and small to medium enterprises (SMEs) as they equate them with big payoffs in any event of a data breach. Government agencies at all levels can also be targeted by state actors.

How does ransomware get on your computer & devices?

There are a number of ways ransomware can infect a computer or device. One of the most common is via phishing emails or social media messages that contain malicious attachments. Ransomware can also find its way to your systems if a user clicks on a link embedded with a malicious code (called a drive-by download) or on malicious advertising (also called malvertising) when visiting a legitimate but compromised website.

Here’s what to avoid to ward off ransomware attacks:

• Visiting unsecured or suspicious websites
• Clicking on ads or pop-ups online
• Opening emails or files from unknown sources
• Clicking on dodgy links sent via email or social media
• Connecting devices to infected or suspicious networks
• Unsecured settings on a public server (i.e. weak passwords)

Common signs of a ransomware attack

Here are some common tell-tale signs of ransomware infection to look out for:

• Pop-up messages requesting funds or payment to unlock files
• Denied access to your devices, or your credentials failing to unlock your devices
• Files requesting a password or code to access
• Moved or missing files from stored locations
• Files with unusual file extensions or names/icons that have changed

Should you pay the ransom?

NEVER pay the ransom. That’s the golden rule. This is because it’s never guaranteed your business will re-gain access to its files or data, or that your information won’t get leaked. Paying the ransom also puts your business at risk of another attack and only encourages cyber criminals to continue their illegal activities in search of a big pay day.

How to protect your data and business from ransomware

Here are the best ways to protect your data and business from ransomware.

Back up your data: Encrypt and backup your data and sensitive information in a cloud environment to ensure the continuation of your business, even in the event of a ransomware attack. A cloud backup is the same as any file backup, although it’s stored online in a network of offsite servers operated by a cloud storage provider like iCloud or OneDrive.

Keep your software updated: Keep all your security tools like anti-virus software, anti-spyware software, and anti-spam filters updated and ensure that all your third-party software has the latest patch installed. Only purchase security software from a reputable company.

Use a VPN: Use a virtual private network (VPN) to provide your employees secure remote access to internal networks and systems. A VPN re-routes your internet traffic through an encrypted virtual tunnel to encrypt your data and information. This makes it more difficult for third parties and hackers to track your online activity.

Use multi-factor authentication: Use strong password protection and multi-factor authentication (MFA) to bolster the security of your systems and applications. MFA or two-factor authentication requires users to provide more than a single factor of identification (besides a username and password) to access a platform, system, or network.

Take layered security measures: Use multiple security measures to keep your business’ data and systems secure. This includes setting up firewalls to monitor all incoming and outgoing traffic to your computers, password managers, multi-factor authentication, and endpoint security. ‘Layering up’ is more effective than a single solution approach that could leave your business exposed to security breaches.

Training and awareness: Train business employees on how to detect and prevent malware and ransomware attacks in the first place. Run regular training workshops on various topics like how to report suspicious activity, how to recognise fraudulent requests, or how to deal with phishing emails.

Can ransomware be removed?

Removing ransomware is tricky and sometimes downright impossible. That’s why prevention is the best protection against malware infection. If you suspect a ransomware attack on your business, the first thing to do is to unplug the affected PC or device from all wired or wireless connections, including the internet, external hard drives, cloud storage accounts, and network drives. This will prevent the ransomware from spreading to other devices. If you have a system backup (and you should), be sure to recover any recent files and data before you get locked out of your systems. The next best thing is to use a remediation security tool to assess the breach and limit the damage to your business and operations.

A final word

While it’s impossible to prevent every ransomware threat, there are steps businesses and organisations can take to minimise the risks of an attack. A multi-layered approach is always best and this includes backing up your operating systems and using a combination of security tools like anti-virus programs, firewalls, and MFAs to bolster your defences. Contact us via email for more information: enquiries@xiphcyber.com.