The recent WannaCry ransomware attacks were remarkable for two reasons. One, they exposed a glaring hole in the NHS’s security systems, and two, they were apprehended by a knight in shining armour (albeit inadvertently).
Said hero – blogger and security expert Marcus Hutchins – later declared that he expected the ransomware to return under a different guise, a sentiment echoed by many other security experts.
Now, while we can’t predict if or when that will happen, or if Hutchins will come the rescue a second time, we can offer some tips to avoid being held to ransom.
Knowing what to look out for is half the battle…
What is it?
In the old days, ransoms tended to be issued by masked gunmen for hostages, the safe return of whom was somewhat guaranteed in exchange for a sum of cash. Ransomware works on the same principle, only there are no gunmen and you might not get the data back.
Ransomware is an unwanted programme which gains access to your systems and then begins to encrypt everything it can get its grubby little hands on. If it isn't stopped it will encrypt the whole system, servers and all (dependant on if any stops are put in place).
It was used initially to target individuals but there is a growing trend for business to be targeted too. Initially, this was only big businesses, but now it's small businesses who are being targeted as they don't have the robust systems that larger companies have in place as standard.
What’s the risk to business?
Most businesses have sensitive data, and most have sensitive data that is critical to their operations or that they don’t want in the public domain. They also have much higher budgets to be able to pay ransoms should they decide t do so (we always recommend not too).
Typically, until a ransom is paid, you'll be locked out of everything and even if it is paid they are more likely than not to keep the block in place stopping your business operating.
What to look out for?
Most people aren’t aware that they have ransomware until they receive the ransom request or until a splash screen prevents access to their machine. More subtle signs are missing file extensions e.g. .doc, .exe, or files that won’t open.
An up-to-date antivirus is a good place to start, though new variants of malware may be able to slip the net. In that instance, your next line of defence is your staff.
Encourage vigilance and warn against opening attachments from unsolicited emails.
Finally and most importantly always, always have a backup of your data. If you have an updated version of everything it is easy to restore it, rather than obey the whims of a company which has illegally encrypted your data in the first place. Make sure that backup is fully tested and works on a regular basis, and then even if the worst happens you have a disaster recovery option.
Online backup is a great way to go, with an external hard drive plugged into the machine being useful too. Old tape backups are notoriously unreliable and the only way to be completely protected is to have an onsite and offsite backup which has been fully tested.
For help and support with a range of IT services, contact Nutbourne on 0203 137 7273.