Understanding a ransomware attack and how to prevent it
Ransomware is one of the biggest security problems on the internet and one of the biggest forms of cybercrime that organizations face today. Ransomware is a form of malicious software – malware – that encrypts files and documents on anything from a single PC all the way up to an entire network, including servers. Victims are often left with few choices: pay a ransom to the criminals behind the ransomware to regain access to their encrypted network, restore from backups, hope that a decryption key is freely available, or start again from scratch.
In May 2021 the Colonial Pipeline CEO paid ransomware attackers $5 million to restart its oil pipeline. The event caused a delay of supply, resulting in a serious shortage of gasoline on the East Coast.
It can be a headache for companies of all sizes if vital files and documents, networks or servers are suddenly encrypted and inaccessible. Even worse, after you are attacked with file-encrypting ransomware, criminals will brazenly announce they’re holding your corporate data hostage until you pay a ransom in order to get it back.
Why are small businesses targets for ransomware?
Small and medium-sized businesses are a popular target because they tend to have poorer cybersecurity than large organisations. Despite that, many SMEs falsely believe they’re too small to be targeted – but even a ‘smaller’ ransom of a few hundred dollars is still highly profitable for cyber criminals.
How do you prevent a ransomware attack?
Large numbers of ransomware attacks start with hackers exploiting insecure internet-facing ports and remote desktop protocols, so one of the key things an organisation can do to avoid falling victim is to ensure that ports aren’t exposed to the internet unless it’s essential. ClickAway IT Services can ensure your small or medium business is protected from ransomware attack to the fullest extent. But what else can you do?
When remote ports are necessary, organisations should make sure that the login credentials use a complex password, so that criminals looking to deploy ransomware cannot crack simple passwords with brute force attacks as a way in. Applying two-factor authentication to these accounts can also act as a barrier to attacks, as there will be an alert if there’s any attempt at unauthorised access.
Organisations should also make sure that the network is patched with the latest security updates, because many forms of ransomware – and other malware – are spread via the use of commonly known vulnerabilities.
EternalBlue, the vulnerability that powered WannaCry and NotPetya, is still one of the most common exploits used to spread attacks – despite the security patch to protect against it having been available for over three years.
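As a way to check the exposure described above, the following added example (not part of the original article) parses the output of the Linux `ss -tlnH` command and reports remote desktop (RDP) and SMB listeners that are reachable from beyond the local machine. The default port numbers 3389 and 445, the function names and the sample output are assumptions made for the illustration.

```python
import ipaddress

# Default ports for the services the article names (assumed, not from the page):
# RDP (remote desktop) and SMB (the protocol EternalBlue targets).
RISKY_PORTS = {3389: "RDP", 445: "SMB"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of `ss -tlnH` output; addresses are illustrative.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 50 127.0.0.1:445 0.0.0.0:*
LISTEN 0 50 203.0.113.10:445 0.0.0.0:*
LISTEN 0 128 [::]:3389 [::]:*
LISTEN 0 128 10.0.5.4:3389 0.0.0.0:*
"""

def classify(addr):
    """Return how widely a listening address is reachable."""
    addr = addr.split("%")[0].strip("[]")  # drop interface scope and v6 brackets
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "routable"

def audit(ss_output):
    """List RDP/SMB listeners that are reachable from beyond the local host."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        if not port.isdigit() or int(port) not in RISKY_PORTS:
            continue
        try:
            scope = classify(addr)
        except ValueError:
            continue  # unparseable address column
        if scope != "loopback":
            findings.append((RISKY_PORTS[int(port)], cols[3], scope))
    return findings
```

A listener reported as "all-interfaces" or "routable" still has to be compared with the perimeter firewall rules before it counts as internet-facing; the script only narrows down which services to review.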
When it comes to stopping attacks via email, you should provide employees with training on how to spot an incoming malware attack. Even picking up on little indicators like poor formatting, or that an email purporting to be from ‘Microsoft Security’ is sent from an obscure address that doesn’t even contain the word Microsoft within it, might save your network from infection. The same security policies that protect you from malware attacks in general will go some way towards preventing ransomware from causing chaos for your business.
On a technical level, stopping employees from being able to enable macros is a big step towards ensuring that they can’t unwittingly run a ransomware file. At the very least, employers should invest in antivirus software and keep it up to date, so that it can warn users about potentially malicious files. Backing up important files and making sure those files can’t be compromised during an attack is another key step.
ClickAway provides virus removal and ransomware attack prevention services throughout the Bay Area for both small businesses and individuals.