Being Held To Ransom…
Being held to ransom implies that what has been taken is returned. Ransomware is a completely different beast. Your files are encrypted, your company can’t operate, your reputation is out the window and it’s costing you money – so while you might get your files back if you’re lucky, there’s a big question mark over the other three. Our advice as IT Security London Experts, is to mitigate the risk and make sure you don’t get it in the first place – after all, prevention is better than cash.
Prevention is better than cure
Ransomware doesn’t look like it is going away anytime soon. This means you should have a plan to counter it. Failure to do so could be very damaging. Very few companies have such huge assets that they will be specifically targeted. Most companies that are victims of ransomware are victims of the scatter approach. This is usually an email or website containing a download link which seeds the virus on your network if clicked.
“All businesses should plan for this approach, especially larger organisations, or those on a tighter budget,” says Nutbourne’s Technical Director Patrick Burgess. “Organisations with these profiles struggle to upgrade and patch their systems, so often they’re using old technology because they like to make their technology last as long as possible or cannot upgrade large complex systems fast enough.
“Old machines and operating systems have a lot of vulnerabilities. These vulnerabilities likely don’t even have patches, because companies like Microsoft have stopped patching them. It’s so easy to expose that vulnerability. It only takes somebody to click on a single link and the ransomware is in.”
Invest in IT security London
As with all problems, prevention is better than cure. To stop ransomware getting onto your network is far easier and cheaper than curing it once it’s taken root. There’s two key things you can do. The first is to have simple things like antivirus software internally. Along with web content control and good quality spam solutions at the perimeter of your network. This will drastically improve your IT security London.
“The second thing you can do is to mitigate the spread once it comes in” says Patrick. “One way of doing that is to upgrade your software and equipment. You want to make sure you are on the latest versions. Naturally there is a barrier to that because it can be quite costly. It is important to put natural segregation into the environments to ensure it is harder for Ransomware to spread. Things like ensuring people can access only the file shares they need and user permissions are kept as low as possible. This is just one of the cybersecurity solutions we highly encourage any company to pursue.
“Also to that end, educating your staff, making them aware of how ransomware manifests and accesses networks is very effective. It’s still very common for ransomware to seed on your network via a link delivered on an email. Raising awareness of that is a very effective method of prevention, and is something every organisation can do.”
Be aware of change
Ransomware is evolving and changing to the extent that it doesn’t always behave in the way we expect it to. It used to hit the ground running by finding a file, encrypting itself straight away and you’d be aware of what was going on quite quickly. The antivirus software would then find it and you’d be able to pinpoint where it was on the system. Newer, more sophisticated versions are harder to spot.
“We have started to see different versions of ransomware combine with each other,” says Patrick. “So it won’t seed straight away. It waits and watches, trying to propagate and permeate through the network first. It then looks for other places to reside. Or it searches for ways to escalate its privileges so that it can attack the network on multiple levels.
“We are now also seeing ransomware that can determine busier and quieter days. Making its attack when fewer people are around to notice or detect it.”
With this in mind, it’s important to know what software is running on your network and look for any odd behaviours therein. There are systems specifically designed to do this, such as Carbon Black, but at the basic level it comes down to user knowledge and education. Let them know they won’t be in trouble for reporting the dodgy link they clicked on. Its far better to know about it and have an honest work force who are part of the prevention. Everyone makes mistakes and you want them to put their hand up if they see or do something odd, even if they have significantly compromised your IT security London. Honesty and transparency is key.
Plan for a hit…
It’s a fact of life that companies do and will get hit by ransomware. For those that do, the immediate aftermath is hugely problematic. You leave the office in the evening on Monday and everything is fine. Return on Tuesday morning to find everything has gone and there’s little you can do.
“It’s for that situation that robust, diverse and regular backups are so important,” Patrick says. “You want to be able to quickly roll back to the day before and just resume. What we are finding now though, is that your backup may not be enough because the ransomware was sitting in your system the day before waiting for an opportunity to take over you network.
“So with a backup all you are doing is reverting to 24 hours before when the ransomware was watching and waiting. We’ve seen this before where organisations spend days and days rebuilding the network, and the virus waits another week, and then boom. You come back in the next day and you’re back to square one again.”
Create a business continuity plan around IT security
To get this scenario back online takes a lot more work. Finding the virus is very difficult, so the entire network needs to be isolated. From there, an accurate picture of the threat can be built and you can work to eliminate the threat as a whole, before everyone be brought back online again.
“Your business continuity plan needs to factor in that concept.” says Patrick, ‘It’s an interative process that could take several days to resolve. And that is something your business plan needs to build into, because you need to effectively be ready for that, from a cost to client perspective.
“If you have no IT systems for three, four days while this is being investigated, you need to keep functioning. So you’ve got to have a diverse systems in multiple locations. You need to have phones that divert to mobiles and an email solution that diverts to a point where it can be picked up safely.”
Don’t put all your eggs into one basket
We always advise a common-sense approach to information and IT security. Much of IT security falls down to risk mitigation in a crisis. In the case of ransomware attacks that means getting your organisation up and running as soon as possible. What this looks like in a practical sense is having your critical data, backup and functions stored in separate locations so that they’re easily retrieved and unharmed in event of a ransomware attack.
“It’s a sound strategy to have your emails in the cloud backup and your PC network locally and your main critical software being done by a third party hosted on a web interface,” Patrick says. “The chances of a ransomware being able to take all of those things out are very small if that’s your approach. However, diversity does open up other IT Security issues such as password management which you should be aware of.
“However In that scenario, if you were hit, you could use your local computers or use your phones for business-critical functions like emails and calls. Diversifying your network makes a huge difference as well, because it means that you have access to your information. The bottom line is that ransomware is pretty evil. It wreaks havoc on businesses – but there’s a lot you can do to prevent it, stop it spreading, and crucially ensure you can keep working should you get hit.”
Ransomware can prevent a significant risk to your business. Having an IT project consultant on-hand can be incredibly beneficial. If you’d like to find out more about Nutbourne’s IT services (including cybersecurity solutions), then get in touch!