With several new attacks appearing in the news over the last few weeks you may be wondering what is Ransomware and how do I stop it? Ransomware is a type malicious software that is designed to block access to your computer, devices and/or network until a sum of money is paid. The most well know ransomware in recent years was the WannaCry attack on the NHS which took place in 2017. The attack affected more than a third of trusts in England and caused major disruption across the whole service. This was followed by the NotPetya attack which infected more that 100 countries worldwide in a matter of days. Between 2015 and 2017 the number of ransomware attached increase by 2,000% and the trend seems to be continuing into 2018.
With Ransomware becoming more prevalent the risks to companies are increasing. According to Carbon Black, more than 6,300 sites are currently offering ransomware solutions for cyber criminals to carry out their own attack. Securing IT to protect data is a job that keeps getting harder. Internet connections are faster, threats are more complex and users are more mobile than ever. But if you’re a small to mid-sized organization, you probably have limited staff – at best – dedicated to IT security.
With so many different types of attack possible it can be difficult to completely protect against attacks without sophisticated security software, below are three main tips to secure against Randsomware.
Email Security is Vital
According to Sophos “Email will remain the primary attack vector threatening corporate cyber security, especially in the case of targeted attacks”. Therefore being aware a basic email security can help protect your network. Most ransomware attacks start with a normal email that has an infected attachment such a s a document, photo or other file type. With this in mind you should follow the guidelines below:
- Never open an attachment from an unknown sender
- Beware of hidden email addresses, if the sender looks at all suspicious, check the actual email address before opening anything
- If the email is not addressed to you or has been sent to multiple addresses delete it immediately
- If you think the email has been sent in error check with the sender before opening any attachments
- Overall, if in doubt do not open!
Secure Your Network
When your computer is part of an IT network , a compromise on your personal PC can impact the whole company. In fact, if the ransomware infects the whole network it can put the whole business at risk. With advances in cyber security threats companies now need to take the risk of attacks seriously and ensure that their networks are well protected. Today’s network has evolved from the old days where every service was provided in-house by IT and everyone got a standard laptop and blackberry and worked at their desk in the office, to a situation like we’ve got here where people are using every type of device, to access a bunch of internal and external services, like salesforce, box, evernote, google docks, Skype and more… and they’re doing it everywhere in the world. It makes it extremely challenging for IT to secure everything effectively while still enabling everyone to be productive. Network security has become extremely challenging for organizations of all sizes.
There are various data security software solutions available which can help secure your network. The Sophos UTM is one such solution which can provide complete protection for all aspects of your environment, from the network, to the endpoints and mobile devices, and the servers. Every Sophos UTM comes with a free Essential Firewall license which provides fundamental security features activated for the protection of company networks. A UTM can provide strong protection with specific features for web, email, and WAF. Site tagging and selective SSL scanning are also being introduced.
Educate Your Team
Despite the number of attacks increasing, many employees are still naive to the dangers of a ransomware attack and in particular what to do if they are targeted. Even the most experienced users can find themselves in a panic. In order to protect your IT network one of the key action points should be to ensure that every employee is trained on what to do should they be subject to a ransomware attack. There are two immediate actions that should be take and these should be known by all within the company:
- Disconnect the device from the internet and internal network
- Try to properly shut down the device and contact IT security department
What Should I Do If I am Hit by Ransomware?
If despite internal efforts you are subject to a ransomware attack and your data gets encrypted then we would suggest the following:
- Do not pay the ransom!! There is no guarantee that paying the ransom will result in you getting your data back and in several recent cases companies have lost their data and their money.
- Do not attempt to decrypt the data yourself. Unless you are an expert in the area, there is a high risk of destroying your data forever. Leave it to the experts and contact your IT security department.