If you’ve kept an eye on the news this week, you’ll be aware of a new ransomware threat on the horizon. As the BBC reported, several hospitals in the US and Australia have had to cancel operations and turn patients away because their systems have been ransomed. As these high-profile cases are usually just the tip of the iceberg and are often a precursor to a wider spate of infections, we thought we’d remind you of the steps you need to take to reduce the risk of ransomware affecting your organisation.
How the new threat is infecting systems
Like many other forms of ransomware, the new threat begins with the hacking of an individual computer. This is usually done when someone within the organisation opens an attachment or clicks on a link in an infected email. Once this happens, the malware then spreads across the system, something that hackers have rapidly been finding new and more sophisticated ways to do. Once infected, the ransomware encrypts your data and prevents access to the operating system. Only when you pay the ransom will you be able to access the information again, though in many cases the data ends up being corrupted.
How to defend against ransomware
1. Install updates immediately upon release
Ransomware works by exploiting vulnerabilities in software. Fortunately, software developers are quickly able to fix these vulnerabilities once they are discovered and will release updates and security patches that will make their applications immune.
Unfortunately, many organisations are too slow in installing these latest updates and patches and leave themselves wide open to infection. A frightening example of this is what happened during the WannaCry attacks of 2017. Thousands of businesses were ransomed in the space of just a few days causing chaos around the globe. Despite the pernicious nature of WannaCry, none of these infections needed to happen as Microsoft had released a security patch to defend against it two months earlier. Those who were infected were the ones who hadn’t updated their software.
The message here is clear: update software and install security patches immediately on release. If possible, enable automatic updates.
2. Fortify your system
Another way to protect your system is to make full use of the tools that can stop ransomware infections. One of the first weapons in your arsenal should be a leading antivirus solution that is capable of preventing even the stealthiest of infections reaching your system. As new threats are discovered every day, it is absolutely vital that your antivirus software is set to update automatically so that the very latest threats can be dealt with.
You must also ensure that your firewall is configured correctly and as most infections come via spam email attachments, you want a robust email filter that can spot and remove emails that are either spam or contain embedded malware.
Many of these tools are available from your hosting provider. Here at WHUK, for example, we use Site Scanner, FortiGate Firewalls and Spam Experts as part of our security measures.
3. Teach your employees to be malware aware
Most infections begin with an employee clicking on a malicious link or visiting an unsafe website. Teaching them to spot and identify suspicious emails and links can massively reduce the chances of your organisation being ransomed. Simple things they can do to reduce risk include:
- Checking the email sender’s name matches up with the email address. An email may look to come from a legitimate sender but the email address displayed in the ‘From’ field may show it is not genuine.
- Checking the real destination of a hyperlink. The text in a hyperlink may be misleading, only by hovering the cursor over the top of it will you see the real destination. Many malicious emails ask people to click on a link to verify account information or login details and this can lead to infection or to usernames and passwords being stolen.
- Check emails for badly written and punctuated text. Cybercriminals might be smart but many of them have poor English skills that make it obvious an email is not from a genuine sender.
You may also consider stopping employees sending and receiving personal emails on work computers. Your system may block infected emails but staff may still be able to click on malicious links when they login to their online Gmail or Outlook accounts.
4. Backups are a necessity, not an option
While all the points mentioned above can help reduce the risk of a ransomware infection, none of them is foolproof. If you don’t have a backup and you are infected, you’re left with the stark choice of paying the ransom or losing your data and having to rebuild your system.
Remote backups stored away from your server ensure your system can be up and running again very quickly and without the need to pay the ransomer. You should make sure your backups are taken as frequently as required to keep your data up-to-date and they should be tested to make sure they are not corrupt. As some ransomware deliberately delays showing itself in order to help it spread, it is important to keep several backups in case the last ones contain hidden infections.
The recent headlines are a clear sign that the plague of ransomware continues to threaten organisations across the world, putting businesses and individuals at risk. Hopefully, this article will have reminded you of the steps you need to take to defend your organisation against such malevolent attacks.
If you require hosting with robust security features, check out our range of hosting services.