Ransomware: what you need to know

The devastation that can be caused by computer viruses and malware is something all businesses cannot afford to ignore. These hindrances are not going anywhere anytime soon (except maybe into your computer), which is why it is crucial for businesses to ensure they are protected, so data is not compromised.

Ransomware has been around for many years with Reveton, Cryptolocker and Cryptowall being most well-known. With the significant threat it brings to organisations, business owners and their employees should know what to look for to stop them being caught out.

Ransomware aims to encrypt files on a system’s hard drive by using an indestructible key. Once a ransom is paid, it is then decrypted by the attacker. The process is supported by the existence of crypto currencies, which facilitate payment to the attackers.

The majority of ransomware occurs via email, often in the form of a shipping notification from a delivery firm, which can appear very legitimate to the recipient. These emails are sent on mass, to maximise the chance of attackers getting a result. And they do - millions of pounds have been paid out to these attackers.

According to an international study by anti-malware software company Malwarebytes, nearly 40 percent of businesses experienced a ransomware attack over the last year. Of these victims, over a third lost revenue and 20 percent had to stop business completely.

Simon Ahearne, managing director of IT and communication company SA1 Solutions, explains there are a number of ways businesses can protect themselves from ransomware.

“Having effective back-up methods in place is a necessity. This way, if an attack does occur, you are able to safely recover your data from a back-up once the infection has been removed. You therefore have peace of mind that you can’t be held to ransom for your data with this back-up method in place.”

Another obvious step is to ensure your business has the most current updates for its anti-virus software. Software manufacturers frequently release new security updates and patches with the aim of stopping ransomware infecting devices from the outset.

Ahearne suggests this can be taken a step further with additional network monitoring software. “This runs above your usual anti-virus software and monitors all traffic as it enters and leaves the network, helping to block anything that may have been missed by anti-virus software,” he added.

Ransomware, like all malware and viruses, is continuously evolving to counteract protection methods, which makes achieving total security extremely difficult. Knowing what action to take if you have been a victim of ransomware is therefore important to help minimise damage.

“Ransomware works on the premise of human weakness, so it needs to be highlighted to everyone in a business that any potential or clearly identified infection needs to be alerted to the necessary department and support service immediately,” Ahearne suggests.

“Measures can then be taken to prevent the infection spreading to other devices and other parts of the network. The back-ups need to be checked to make sure they’re clean of the encrypted data. Once confirmed, the infection can be removed and the data restored.”

If you do not have a clean back-up of the data, you will need to find the ransom note on the infected device. This will assist in identifying the type of ransomware received. Some forms of ransomware have had their encryption deciphered, so if you have one such infection, your data is able to be recovered with the correct decryption tool.

If you are unfortunate enough to have been infected with ransomware that does not yet have a decryption tool, you will be facing data loss. However, it can be surprising how much can be recovered from older versions of documents, emails and their attachments.

“It should only be a last resort to obey the instructions of the ransom note to get your data back. But even if a ransom is paid to attackers, there is no guarantee you’ll get back exactly what was taken. These attackers are criminals after all,” Ahearne concluded.

More SA1 Solutions Posts
The importance of your business’ server
The importance of your business’ server 04 March 2019

The cloud has introduced numerous possibilities for businesses in terms of greater efficiency surrounding data storage, disaster recovery and security.

Read More
5 Reasons why you should consider outsourcing your IT
5 Reasons why you should consider outsourcing your IT 20 May 2018

Having a sufficient IT infrastructure is a fundamental component to any organisation that wants to function efficiently and effectively in this economic market.

Read More
Are staff shortages affecting the UK’s cyber security?
Are staff shortages affecting the UK’s cyber security? 08 September 2017

The UK has recently opened its new National Cyber Security Centre, which is part of a £1.9bn five-year strategy by the UK government to tackle cyber crime.

Read More