What to do about Ransomware

June 30 2017 | Published by Andy Wool | Blog

On May 12th this year we saw one of the world’s most serious and high-profile cyberattacks in the form of WannaCry. It rampaged through the NHS and affected thousands of organisations across Europe and the world by exploiting a vulnerability in Windows SMB (Server Message Block).

Within a few hours, literally hundreds of thousands of machines were crippled.

Yesterday, just when you thought things had got back to normal and all the fuss had died down, here we go again with another.

This time the attack epicentre appears to be Ukraine, with the added concern that computers at the Chernobyl Nuclear plant have been frozen, necessitating manual checks on radiation levels.

Before you pick up the phone and call your cybersecurity provider to tighten up all your perimeter and endpoint security measures, you need to recognise that Ransomware is not just another threat type.

It’s not the sort of cyberthreat that can be prevented using technology alone.

This is even more worrying because it can affect any organisation – including global enterprises, corporates and SMEs, utility companies, government departments and, as we have already seen, health services.

If you didn’t think Malware infection risk was a “life and death” issue, at this point you should be sitting up and taking note.

If Ransomware can affect all these types of organisations, many of whom presumably have the capability to spend “whatever it takes” to protect themselves against cyberthreats, what on earth can ‘normal’ organisations do?

Is it even worth upgrading and hardening defences?

As we’ve said many times before at Foursys, it’s the individual network users in every organisation who are the weakest link in the cybersecurity chain.

So: what are you going to do to protect your organisation against Ransomware?

Here are our recommendations.

1) Recognise and accept Ransomware for the critical threat it is

The threat of ransomware must be taken seriously – not just by IT staff and directors, but by every computer user in the organisation.

This is hacking on a new level, an industrial scale even. It’s perpetrated by criminals who are organised, well-funded and highly intelligent. Hacking is no longer a bit of fun for the teenager in his bedroom. It’s a well-oiled business machine.

Ransomware gets into a network via infected email attachments and links – so awareness and vigilance are the most obvious and cheapest forms of defence.

Inform the entire organisation of the risks of Malware and make sure they know what to look out for.

2) Train your end users about ransomware

Again, we have talked about the necessity for end user ‘cybersecurity training’ for many months now, so if you’ve already assessed your network users’ level of knowledge and awareness (perhaps using the free Foursys end-user cybersecurity training kit), there is merit in revisiting it.

Let’s remind ourselves of why.

a. Criminal hackers are way ahead of most ordinary internet users. They know exactly how to create email scams that look, read, sound and feel exactly like the real thing. Delivery notes, refunds, invoices, payment advice, booking confirmations etc. are all examples of perfectly innocent-sounding emails that the unsuspecting email recipient would casually open in an off-guard moment.

b. There’s a widespread and embedded assumption among many workplace internet users that says: “Cybersecurity is not an issue I need to worry about – we’ve got an IT team that takes care of all that kind of thing”. Most individual users are aware of the existence of firewalls and anti-virus. But as these recent outbreaks show, not everyone is yet aware of the true threat of ransomware.

Remember: forewarned is forearmed – so forewarn everyone in your organisation about the risks of ransomware and warn them not to open spam or suspicious emails; nor should they download attachments or click on links in such spam emails.

3) Understand the motivations of ransomware hackers

Getting into the mind of a hacker is hard – but understanding their motivations is easier.

At an international level, state-sponsored hackers are aiming to cause disruption and chaos, hence targeting critical institutions such as utilities, government departments and healthcare facilities.

Evidence for this lies in the fact that many of the bitcoin accounts and email addresses associated with the WannaCry outbreak proved to be fake – suggesting that the perpetrators were not necessarily interested in profiting.

For the purposes of extortion, however, ransomware hackers target business organisations because they know that business organisations:

  • Rely completely on IT systems down to an individual computer level, which if encrypted will cause major disruption;
  • Are prepared to pay for fast resolution – and have the funds to do so;
  • Operate computer systems that are complex and multi-layered, with multiple components which may become outdated and exploitable;
  • Employ human network users who are the weakest link and easily fooled into making mistakes;
  • Would prefer to keep quiet about any ransomware attack for various reasons.

4) Combine backups with a disaster recovery plan

Use a disaster recovery solution such as Quorum’s "Disaster Recovery as a Service" (DRaaS).

Modern disaster recovery solutions provide all types of organisations with backup and recovery capabilities at the local and remote level.

All data is critical, whether on a local PC, network server or cloud file shares. The Quorum solution combines capabilities for:

  • Backup
  • Deduplication
  • Replication
  • One-click instant recovery
  • Automated disaster recovery testing
  • A range of other tools for testing and archiving.

This makes it ideal for dealing with a ransomware attack, an event which by definition will send organisations into stress and panic mode.

Most time-poor, budget-conscious organisations cannot afford to commit resources to redundant systems just on the off chance of a ransomware or other malware attack, and this is what makes Quorum such a good choice.

Organisations deploying Quorum’s DRaaS solution avoid the cost of funding, designing, staffing and maintaining a secondary data centre. Quorum’s backup disaster recovery (BDR) solution makes a copy of all critical systems, creating an exact replica of servers as part of a snapshot-based backup.

In the event that the organisation’s systems succumb to a ransomware attack, encrypting files, servers or applications, the Quorum solution allows them to run copies on a secure BDR platform indefinitely, until the systems are clean and back online.

Speak to a Foursys security expert now to arrange a review of your network security infrastructure and systems. Call now on 01284 788900 to find a security solution that’s right for your organisation.