As a business owner or manager, you need to address a range of cybersecurity threats. Ransomware is one of the most widespread and insidious.
Ransomware is malicious software (malware) that encrypts files or locks computers. People or groups behind ransomware attacks demand payment – often in digital currency – to restore access.
Ransomware can infect a business or government organisation in many ways. For example, a worker may inadvertently open a malicious attachment or click on a link in a phishing email to a malware-laden website. Once ransomware infects a computer or network, it may seek to spread to vulnerable shared systems.
According to the 2018 Internet Organized Crime Threat Assessment from Europol – the European Union’s law enforcement agency – ransomware remains the key threat in law enforcement and industry reporting.
In 2017, ransomware attacks called WannaCry and NotPetya – that exploited vulnerabilities in older or unpatched versions of Microsoft Windows – caused billions of dollars’ worth of damage to businesses and organisations worldwide. Industry experts expect similar attacks to occur in future.
So how can your business protect itself against ransomware attacks? The following steps may help minimise the risk of infection.
- Promptly apply patches and updates to all software on devices connected to the network. Automate this process where possible.
- Undertake regular backups and keep them off the network. This protects the copied material from infection if a ransomware incident does occur.
- Install anti-virus software and keep it updated.
- Use application whitelisting or other measures to limit the execution of unauthorised software.
- Undertake education programs to make workers aware of the risks of opening an attachment or clicking on a link in a suspicious email, or visiting unknown websites. These programs should make workers aware of techniques attackers use to trick them into facilitating a ransomware infection. For example, attackers frequently create and send emails that purport to be legitimate communications from government service providers or prominent businesses, but actually include attachments or links to websites loaded with ransomware.
- Develop a plan to minimise damage to the business or organisation if a ransomware incident does occur.
You should note that Australian Government cyber-security bodies typically recommend against paying ransomware owners. There is no guarantee owners will restore access to the compromised files and they or other attackers may identify your business or organisation as a target for future attempts.
If you would like to learn more, please contact us at firstname.lastname@example.org.
By Simon Ryan, CTO