Ransomware has become one of the most pressing cyber threats for businesses of all sizes. With cybercriminals constantly evolving their tactics, no organisation is immune from attack. However, with the right knowledge and preventative measures, you can significantly reduce the risk that your business encounters.
Firstly, What Is Ransomware?
Ransomware is a type of malicious software, or malware, used to infiltrate a network, encrypt key data, and demand a ransom payment – usually in cryptocurrency – to restore access. Cybercriminals exploit security weaknesses to deploy ransomware, locking organisations out of critical systems and holding their data hostage.
A Brief History of Ransomware
While ransomware has existed since the late 1980s, it surged in prominence during the COVID-19 pandemic as remote work expanded security vulnerabilities. Two of the most notorious ransomware attacks in recent history include:
- WannaCry (2017): A crypto worm that exploited vulnerabilities in Microsoft Windows, spreading rapidly across networks and encrypting data until victims paid a ransom in Bitcoin. The NHS was among its high-profile victims.
- NotPetya (2017): Initially disguised as financial software, this attack caused widespread disruption, particularly affecting global companies with business ties to Ukraine. It’s estimated to have cost businesses over £850 million.
Common Misconceptions About Ransomware
Many businesses assume they’re not a target for cybercriminals, believing ransomware attacks primarily affect large corporations or government organisations. The reality is that cybercriminals look for any vulnerability, regardless of company size or industry.
How to Protect Your Business From Ransomware
- Back Up Your Data Regularly
Implementing a robust backup strategy is crucial for protecting against ransomware. Businesses should back up essential data frequently and ensure these backups are stored offline to prevent them from being compromised in an attack. Additionally, organisations should routinely test their backup restoration processes to confirm they can recover data quickly and efficiently.
- Strengthen Network Security
Multi-factor authentication (MFA) should be used to prevent unauthorised access to critical systems. Firewalls and antivirus software must be updated regularly to provide strong protection against cyber threats. It is also essential to restrict user privileges, ensuring employees can only access the systems necessary for their roles, reducing the potential impact of a security breach.
- Keep Software Updated
Ensuring that automatic updates for software and operating systems are turned on is a simple but effective way to patch security vulnerabilities. Businesses should also regularly review all systems to ensure they are running on supported versions, as outdated software can become a vulnerability and a primary target for cybercriminals.
- Develop an Incident Response Plan
A well-prepared incident response plan allows businesses to act quickly should they face a ransomware attack. Identifying critical assets and establishing recovery priorities means that essential functions can be restored first.
Businesses should also have a communication plan to inform stakeholders, including customers and suppliers, about the incident and what is being done.
This is also where employee training on recognising phishing attempts and suspicious activity can be key to strengthening an organisation’s cyber security efforts.
- Steps to Take if Your Business is Infected
If your organisation falls victim to a ransomware attack, the following steps are a good, though not exhaustive, list to carry out:
- Disconnect infected devices from all networks to prevent further spread.
- Disable core network connections, including Wi-Fi and internet access, if necessary.
- Reset passwords for all accounts, ensuring new credentials are secure.
- Wipe infected devices and reinstall clean operating systems.
- Verify backups before restoring data to prevent reinfection.
- Reconnect devices only to a secure and clean network.
- Update and run antivirus software to remove any remaining threats.
- Monitor network activity to detect further suspicious behaviour.
Why You Should Never Pay The Ransom
Understandably, you’ll want your data back as soon as possible. So surely paying the ransom will do that, right?
Authorities strongly advise against paying ransomware demands for several reasons.
Firstly, there is no guarantee that the cybercriminals will restore your access after payment, and secondly, businesses will still be vulnerable to future attacks.
Also, paying the ransom will fund future criminal activity and may increase the likelihood of an organisation being targeted again.
How Should You Report Ransomware Incidents?
If your business is affected by a ransomware attack, you must report the incident to:
- National Cyber Security Centre (NCSC): report.ncsc.gov.uk
- Action Fraud: www.actionfraud.police.uk
Ensuring that the authorities are aware of such criminal activities helps them to track down the perpetrators and stop further crimes from being carried out.
Boosting Cyber Resilience with Cyber Essentials Certification
The UK Government-backed Cyber Essentials certification is a great way for businesses to strengthen their cyber security by addressing phishing attacks, malware and ransomware, weak password practices, and network vulnerabilities.
Ransomware attacks are becoming more sophisticated, but with a proactive security approach, businesses can greatly reduce risk. By investing in robust cybersecurity measures, educating employees, and having a strong response plan, you can protect your operations, reputation and future from the devastating impact of cybercrime.