In our last post, we looked at how Ransomware is developing and evolving. We discussed some of the ways that you can prevent yourself falling victim to a ransomware attack. As well as how you can improve your cybersecurity overall. This week we’ll take a look at the steps you can take to recover from a ransomware attack. Looking at the processes, practices and procedures you need to have in place to successfully resurrect your business if you get hit.
Ok, I’ve been hit by ransomware. What do I need to do?
“The first question to ask is can you get any of your data back?” says Nutbourne Technical Director Patrick Burgess. “If so, what can you get back? If you can get some data back, then the chances are you can operate the business in some capacity. However, If you have a dated approach, i.e. all your information is stored in one place and it’s been encrypted by ransomware, then you have huge exposure to that ransomware – .”
Ransomware attacks are becoming autonomously intelligent, so they don’t require someone to manage them, other than for initial distribution. Once ransomware has encrypted your files, it reports back to the distributor, letting them know that it has found a target and that it’s a business. Once the distributor knows they have all your files then it’s going to be very hard to get them back
Should I pay the ransom?
It’s worth pointing out that ransomware companies have an incentive to return data. They know if the company they’ve attacked cannot operate then it cannot pay it’s bills and will soon be out of business. So unencrypt
“Ransomware becomes headless after a while,” Patrick adds. “They grow and adapt iteratively and can be modified by anyone. Sometimes there are versions that contain coding mistakes, or where their command and control servers have been taken down. In those cases, the ransomware is just floating around the internet. It’s able to perform the first part of its task and seed a network and encrypt files – it’s just reporting back to nobody. So in that instance you could pay a ransom into the Bitcoin wallet, but there’s nobody at the other end that knows anything about it and therefore no one who will unlock your files.”
How do you mitigate the risk?
There’s no two ways about it, the threats are becoming increasingly advanced. So any old systems, legacy software, platforms and software that are no longer supported by patches, are now very vulnerable. They’re open to more attacks because there are more holes in the system.
“It’s often the case that companies don’t have the money or plans in place to respond quickly to these threats if they’re attacked,” Patrick says. “In the immediate aftermath of an attack, there’s a tendency to dramatically overhaul the system, which a false economy. It’s a break-fix mentality that focuses less on tune up and more on reinvention.
“IT is moving away from that kind of model, which is good news for companies on smaller budgets and their subsequent cybersecurity solutions. There’s a move towards a subscription-based model. This means that upgrades are smaller but constant, so you are well protected and also less vulnerable. It also means that your IT is kept moving in the right direction. So you’re not paying £50k for a five year system, but £10k a year for a system that’s never out of date. This allows you to have a smaller budget. If you’re iteratively making things better all the time, rather than saving that money up, it also becomes much more financially viable to stay one step ahead.”
Are there some simple, cost effective solutions?
Yes, there are. Microsoft, for example, offers free Office 365 licenses for email to charities. You can have as many as you want. And you then get email platform, free of charge. You’ve got to pay to do the project, but normally that’s quite reasonable and is only a one-off cost.
Microsoft also give massively reduced prices for their E3 plans and their business plans to charities as well. This product would give you your Office software and your security patches at a reasonable price as well. It doesn’t have to be a case of spending a lot of money to get this right.
Patrick says. “It comes back to identifying what your information is and where your threats are. What are the biggest risks to the business? How can we make things move forward?”
What’s one thing I can do today to mitigate my risk of ransomware attack?
“I always recommend diversifying the network,” Patrick advises. “So take all of your eggs out of one basket. Move some of your business-critical data – the core of what you need to run – into the cloud. If your info is , then there’s a much better chance you will get back up and running in the event of a ransomware attack.
“We see many clients taking their email out of the local environment and putting it into the cloud. And many others take their CRM system, databases, and move them to the latest version of the cloud as well. If you’ve got a Sage account system, don’t have that on the same database locally, move your Sage accounts to Sage Cloud. Start to diversify, over time, and you will see benefits.”
, when it comes to cybersecurity solutions, is that.
There’s an increasing focus on cyber insurance, isn’t there?
Cyber insurance is a growing market. It is something recommend businesses take out, especially those on smaller budgets. “It’s something we regard as critical for businesses now.” says Patrick. “The big providers like Hiscox, Chubb and Aviva offer some great policies, which are affordable month to month. They mitigate a huge amount of risk.”
The policies can be worth their weight in gold, because in the event of a ransomware attack, you have peace of mind over the cost of investigation, fines and rebuilding work (policies differ of course, this is a generalisation) – you have passed that risk immediately. “It gives you some breathing space to hire people or teams to rebuild your data, your systems and your network. All things that could preserve or even save the business.” Patrick says.
“Of course, if you are breached you need to give the ICO answers. You will have to demonstrate what happened, how it happened and what was lost. You will need someone to provide that professional information. And if you don’t have that in-house, which most businesses don’t, someone’s going to have to come and do that. And that’s not cheap. If you don’t have cyber insurance or something to cover that cost, then it’s a problem.”
,r–, when to implement it If you’d like to find out more about our cybersecurity managed services and IT support, then get in touch! Contact us today on 0203 137 7273.