How to protect against ransomware attacks

You don’t have to paint a picture to describe the seriousness of being unable to access information on computers. Yet, hospitals, governments, and major companies are finding out first-hand how damaging cyberattacks – specifically ransomware attacks – can be.

These entities and more fell victim this month to what CNN is reporting as one of the most damaging cyberattacks in history. The nefarious program in question ‘WannaCry’ is typical of cryptolockers and other ransomware, ‘locking’ files on infected computers and servers until the affected parties pay a ransom to access their own files. Thankfully, an exploit was quickly found to shut down the attack, reports the Guardian, yet this fix is only a temporary bandage in the ongoing battle against cybercriminals.

Ransomware acts fast and can cripple businesses in an instant. However, businesses are by no means sitting ducks. Technologically competent businesses that engage in safe online behavior, frequently backup, and seek out help and advice from the experts should never have to pay cybercriminals, even if they find themselves affected by a ransomware attack.

What makes ransomware so damaging?

Ransomware attacks, or cryptolockers as they’re otherwise known, are particularly damaging because of their simplicity and effectiveness, according to Imagetext Integrated Solutions technical director, John Preisig.

To avoid paying the ransom, businesses need to have a backed up copy of the affected files.

Ransomware software acts like a virus, making its way onto the desktop of  a victim through a suspicious email, website, or if someone has not read the terms and conditions and has ‘accidentally’ given the software permission to install itself. Once installed, the program quickly eats through all the programs and files on the affected computer, as well as any networks the user has access to, ‘locking’ those files so no one can use them.

The process takes minutes, and can even affect files hosted on cloud-based applications such as Dropbox and OneDrive. Once the cryptolocking begins, the perpetrators will make themselves known, and direct victims with instructions on how to pay the ‘ransom’ – usually in the form of bitcoins.

To avoid paying the ransom, businesses need to have a backed up copy of the affected files in their unencrypted state, from a time when they were ‘healthy. Depending on the situation, ransomware can go across backed up files and drives if they are attached to the system at time of infection.

Provided backups are done regularly and effectively, it’s a straightforward matter of deleting and restoring the affected information. However, that in itself can be costly to businesses, says John.

“A lot of people backup every day. But how long does it actually take to restore these files? You could still be potentially down for days, depending on the volume of restoration.” 

Even if it’s just one day’s worth of information, there’s a cost involved in that lost productivity, says John, which is why it’s important to not rely on backups as a way to counter ransomware threat.

What should businesses do in the event of a cryptolocker attack?

The longer the ransomware has to act before it is stopped, the longer it will take to recover.

In the unlikely event of a ransomware attack, the first thing to do is isolate and turn off the server, says John. Ransomware almost exclusively originates on a desktop, but it will quickly start affecting any networks the user has access to, including files stored on a server or via the cloud. Preventing that access as quickly as possible is critical.

Time is of the essence, as the longer the ransomware has to act before it is stopped, the longer it will take to recover, says John. Once the server is safe, it’s a simple process of calling in the experts to locate and isolate the cause of the attack, and restore any locked files in a safe and controlled environment.

How to protect against future attack

Preventing ransomware attacks in the first place is a simple process. The most effective way is to ensure antivirus software is up to date. Yet for businesses, this often comes down to ensuring individuals are following this best practise.

For this reason, it’s a good idea to have someone who can come in to provide backups and monitor potential threats. By identifying individuals within a company who are engaging in risky behaviour – such as bypassing the antivirus update process – businesses can better protect themselves from any future incidents.

To find out more, get in touch with Imagetext Integrated Solutions today.