Protecting your business from ransomware
Ransomware is a huge risk to businesses around the world. Learn how to deal with an attack, and more importantly, how to prevent one.
How to tell if your computer or files have been affected by malicious software and what you should do if you receive a ransom demand
What is Ransomware?
Ransomware is a type of malware (i.e. malicious software) that infiltrates your device. Your computer or its files become unusable until you pay a ransom to the cyber-criminal.
According to the Annual Cyber Threat Report 2020-21 [1], it is “one of the most significant risks to Australian businesses”. Well-known ransomware families include CryptoLocker and WannaCry.
How does it work?
Ransomware spreads in the same ways as other malware. It usually gets onto a device when a user:
- visits unsafe or suspicious websites
- opens emails or attachments from unknown sources
- clicks on links in emails or on social media
- has insecure settings, such as weak passwords
Once the attackers have encrypted your data (and, increasingly, copied it as well), they demand payment, typically within a few days. If you refuse to pay, they threaten to publish the stolen data on a public website or sell it on the dark web.
What happens to my organisation?
If your organisation is hit with a ransomware attack, there are many serious consequences:
- files with sensitive business information and critical systems become unavailable
- business operations grind to a halt
- customer data is exposed to the attacker and possibly the world
- legal disputes can go on for years.
How has it evolved?
While ransomware has been around since 1989, it has evolved rapidly over the last 18 months, partly because of Covid-19 and the increase in people working from home.
A recent article reported that ransomware attacks have increased 60% over the past year [2]. That is likely only the tip of the iceberg, as many companies are reluctant to report these crimes for fear of reputational damage.
To address this under-reporting, the Australian Government has released a ransomware plan that includes mandatory reporting requirements for companies with an annual turnover of $10m or more.
What should I do if I have been compromised?
If you discover that your data has been encrypted and you receive a ransom demand, here are the first steps to take:
- Disconnect affected devices from the network (unplug the cable, turn off wi-fi) so the infection cannot spread
- Stop the ransomware from running and reaching other systems
- Perform a malware scan and removal
- Note down key details: the ransom note, the file extension added to encrypted files, when you first noticed it, and which systems are affected
- Get professional assistance
- Notify your customers if their data may be affected
- Report the attack to the authorities (in Australia, the Australian Cyber Security Centre)
- Protect yourself from future attacks
Should I pay the ransom?
At a recent ransomware webinar held in Australia, an expert said, “If you can pay, they will return.”
Even if you pay and the attackers restore your data, they have no real incentive to delete the copy they took. Cybercriminals keep finding new ways to monetise the most valuable stolen data later, sometimes months or even years afterwards.
How can I prevent it from happening?
There are ten simple steps you can take to minimise the chance of ransomware affecting your business. Some of them are technical, while others involve educating your employees.
- Ensure that your anti-virus software is always up to date
- Back up your data regularly, keep at least one copy offline or somewhere the infected machine cannot write to, and test that you can actually restore from it
- Avoid public wi-fi and browse the web safely, e.g. turn on Safe Browsing in Google Chrome
- Have clear rules around the distribution of emails and text messages on work devices
- Use secure software to share files and have rules for sending and receiving data
- Use multi-factor authentication wherever possible
- Protect your passwords for online banking, payments and financial transactions
- Set up an administrator account, and don’t use it as your everyday user account
- Protect all your devices (mobiles, laptops, tablets and webcams) and keep their software and online apps up to date
- Have written procedures (for all the above) and ensure that staff are regularly trained
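Two of the points above, keeping a backup you can actually restore from and being able to tell whether files have been tampered with, are easy to get wrong in practice. The script below is an added example written for this page, not code from the article or any vendor. It takes a backup with a SHA-256 manifest, compares the working copy against that manifest (ransomware rewrites file contents and typically renames them, so they no longer match), then restores from the backup and re-checks it. The "ransomware" it runs is a constructed stand-in that scrambles and renames files and drops a ransom note; all paths and sample files are created in a temporary directory so it runs offline.

```python
"""
Added example (not from the original article): backup, tamper check, restore.

In production the snapshot would live on offline or immutable storage that an
infected machine cannot write to; here it is just a second directory.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup_root: Path) -> Path:
    """Copy `source` into a snapshot and record a manifest of file hashes."""
    shutil.copytree(source, backup_root / "snapshot")
    manifest = {p.relative_to(source).as_posix(): sha256_file(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    (backup_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return backup_root


def check_integrity(source: Path, backup_root: Path) -> list:
    """Return relative paths that changed, went missing, or appeared since the
    backup (e.g. '.locked' copies and ransom notes). Empty list means clean."""
    manifest = json.loads((backup_root / "manifest.json").read_text())
    current = {p.relative_to(source).as_posix(): sha256_file(p)
               for p in source.rglob("*") if p.is_file()}
    changed = [name for name, digest in manifest.items() if current.get(name) != digest]
    new = [name for name in current if name not in manifest]
    return sorted(changed + new)


def restore(source: Path, backup_root: Path) -> None:
    """Replace the working copy with the snapshot, then prove the restore
    worked by re-verifying it against the manifest."""
    shutil.rmtree(source)
    shutil.copytree(backup_root / "snapshot", source)
    if check_integrity(source, backup_root):
        raise RuntimeError("restore did not match the manifest")


def simulate_ransomware(source: Path) -> None:
    """Constructed stand-in for an infection: overwrite every file with random
    bytes, rename it with a '.locked' suffix and drop a ransom note."""
    for p in list(source.rglob("*")):
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
            p.rename(p.with_name(p.name + ".locked"))
    (source / "README_RESTORE.txt").write_text("pay up")


def demo() -> dict:
    """Run the whole cycle on constructed sample files and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "work"
        backup = Path(tmp) / "backup"
        (work / "finance").mkdir(parents=True)
        (work / "finance" / "invoices.csv").write_text("id,amount\n1,100\n")
        (work / "notes.txt").write_text("quarterly plan\n")

        make_backup(work, backup)
        clean = check_integrity(work, backup)        # expected: []
        simulate_ransomware(work)
        after_attack = check_integrity(work, backup)  # originals gone, .locked + note appear
        restore(work, backup)
        after_restore = check_integrity(work, backup)  # expected: []
        return {"clean": clean, "after_attack": after_attack, "after_restore": after_restore}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of `restore()` re-running `check_integrity()` is that a backup is only useful once a restore has been shown to work; a backup you have never restored from is an assumption, not a control. The manifest also gives you a cheap answer to "have my files been touched?" that does not depend on recognising a particular ransomware family.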