What Can I Do to Help Protect My Business from a Ransomware Attack?
Ransomware encrypts your data so you can’t access it, and/or the criminals who do have access to your data can threaten to distribute it publicly.
The cost of a data breach is not just the loss of data, business disruption and IT costs, but also the potential damage from lost confidence in your business. It’s a legal obligation to publicly disclose loss of client information.
Unfortunately, antivirus (AV) software has limited ability to stop a ransomware attack. This is because traditional AV uses a signature to identify viruses, and many ransomware viruses have a unique signature on every infection. It takes time for AV vendors to identify signatures, produce a patch and distribute the patch. Not every business has a patch management plan in place.
The most recent ransomware variant, WannaCry, took advantage of a known Microsoft security flaw to rapidly jump across networks and affect any PC or server on a network that wasn’t patched.
Is ransomware going to be an ongoing problem? Absolutely! The growth in ransomware was 35-fold in 2016 alone. Bitcoin ransom payments are virtually impossible to track.
Here is a list of activities, products and services that Acronym recommends to help fight ransomware. It’s by no means an exhaustive list, and it’s just based on what we know. Each organisation should weigh up the cost and benefit of doing some, all or none, and make a judgment.
How to help fight Ransomware:
- Ensure your devices are fully patched and patching is regularly performed: (a) Windows Operating System (OS) patches, (b) third-party applications, e.g. Adobe, Java etc., (c) antivirus (AV).
- Some AV can help prevent the spread of ransomware by monitoring the activity on your device or network. This is known as behavioural analysis. So, if ransomware affects your device or network, the damage can be minimised.
- Firewall sandboxing and cloud-based filtering: some firewalls and cloud services can monitor web traffic, looking for ransomware-type activity. Suspected files can be detonated in what’s called a sandbox, a virtual environment outside of your internal network, to try to determine if the web traffic is safe. All internet activity across your organisation is logged, categorised by threat and content, and where necessary blocked.
- Microsoft provide an email threat protection add-on for most Office 365 subscriptions. This solution helps prevent staff from accidentally clicking on a malicious email attachment or a malicious email link. The system uses Artificial Intelligence (AI) and machine learning to open attachments and links outside of your physical network to help detect threats. Information can be found on the Microsoft website https://products.office.com/en-nz/exchange/online-email-threat-protection.
- Lastly, backups are critical to help fight ransomware attacks: if you have access to your data, much of the threat is diminished for many organisations. However, you need to ensure you are not just relying on cloud-based backups that synchronise files, such as Dropbox, where, if ransomware encrypts data on a local device, this can spread to your synchronised files and encrypt your entire cloud storage also. Acronym recommends cloud-based backups that take incremental, encrypted, compressed snapshots of your data. Backing up to multiple platforms is highly recommended; ideally there is an air gap to one of your backup solutions, where your backup is not physically connected to your device or network via cable or internet.
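The difference between synchronised files and incremental snapshots described in the last point, as an added example (not Acronym's code or any backup product's). It is a small Python simulation on constructed file contents; `sync_mirror`, `SnapshotStore`, `simulate_encryption` and `run_demo` are hypothetical names made up for this illustration.

```python
import hashlib

def sync_mirror(local, cloud):
    """File-sync behaviour: the cloud copy is overwritten to match the device."""
    cloud.clear()
    cloud.update(local)

class SnapshotStore:
    """Incremental snapshots: store only changed content, keep every earlier run."""
    def __init__(self):
        self.blobs = {}      # sha256 -> file content, stored once
        self.snapshots = []  # one {path: sha256} manifest per backup run

    def take(self, files):
        manifest, new_blobs = {}, 0
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            if digest not in self.blobs:   # unchanged files cost nothing
                self.blobs[digest] = data
                new_blobs += 1
            manifest[path] = digest
        self.snapshots.append(manifest)
        return new_blobs                   # size of this increment

    def restore(self, index):
        return {p: self.blobs[d] for p, d in self.snapshots[index].items()}

def simulate_encryption(files):
    """Stand-in for the attack: every file's content becomes unreadable bytes."""
    return {p: hashlib.sha256(d).digest() for p, d in files.items()}

def run_demo():
    # Constructed sample data, not real files.
    local = {"invoices.xlsx": b"Q1 invoices", "clients.csv": b"name,email"}
    cloud, store = {}, SnapshotStore()
    sync_mirror(local, cloud)
    first = store.take(local)            # everything is new
    local["notes.txt"] = b"meeting notes"
    sync_mirror(local, cloud)
    second = store.take(local)           # only the added file is uploaded
    before_attack = dict(local)
    local = simulate_encryption(local)   # the device is hit
    sync_mirror(local, cloud)            # sync faithfully copies the damage
    third = store.take(local)            # recorded, but history is kept
    return {"cloud_sync_intact": cloud == before_attack,
            "snapshot_restore_intact": store.restore(1) == before_attack,
            "uploads": [first, second, third]}

if __name__ == "__main__":
    print(run_demo())
```

The jump in the last upload count (every file changed at once) is also the kind of signal a backup report can surface. The restore only helps if the snapshot store itself is out of reach of the affected device, which is the air gap point above.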
Acronym have a range of fully managed solutions where we can take care of these services for you and send you a monthly report in plain language so you understand your business’s level of protection. Why is the report important? Because devices can either not be connected to your network or be switched off when the updates are scheduled. It only takes one poorly patched device on a network to cause you grief.