Few people can be unaware of the latest ransomware attack, WannaCry, which hit Friday 12 May, affecting organisations across the globe.
So, we’ve put together a blog with advice to help customers better protect themselves.
There are two main types of ransomware – lockscreen ransomware, where screens are locked to bar access, and encryption ransomware, where files are altered and opening prevented until an encryption key is applied.
Either way, a ransom – usually payable in Bitcoins – is demanded, and which affected organisations must pay, or lose critical data.
As cybercriminals become ever more sophisticated, businesses can be infected by ransomware via a number of routes, but typically via email, through accessing malicious websites, or due to flaws in installed software (and omitting to apply patches).
Most businesses will have in place some – if not all – of the top ten measures we believe are essential at the outset for protecting businesses from cybercriminals:
1. Install anti-virus, web filtering and firewalls
The best way to secure against cyberattack is to prevent malware entering the business in the first place. A ‘layered approach’ to protection is defined as implementing anti-virus, web filtering and firewalls – and ensuring each is properly configured and always up-to-date. Modern scanning solutions re-write links to check that they will be safe at the time of ‘clicking’ and open suspicious attachments to verify what they do.
2. Keep IT up-to-date and patches applied
Malware can often enter via bugs in software and applications. Protection can be advanced through ensuring software updates are implemented and patches applied as soon as they’re released. WannaCry is believed to be exploiting a Windows issue for which Microsoft released a patch in March, but which many organisations did not use to update their systems.
3. Backup – and regularly
Whereas encryption ransomware will result in live data being affected, backup data will not have been maliciously encrypted. Once infected devices have been cleared down backup data can be restored. Providing backup procedures are performed regularly, the integrity of the data is routinely checked, and the business creates well-defined, practised, restore procedures, an affected business will lose relatively little data. Most importantly, they can be swiftly up and running.
4. Keep your users trained
Cybercrime originating through email is common, often sent as mass random communications. Therefore, it’s worth ensuring employees receive regular training to remind them of potential hazards. Emails incorporating malicious links still create issues for many businesses. Some tell-tale signs to look for include:
- Emails claiming to be from well-known, reputable organisations. These may have email ‘from’ addresses that differ very slightly from the official address – a 0 replacing O, for example;
- Communications from organisations or on topics that arrive out of the blue.
- Poorly written text (with spelling and grammatical errors) often points to a fraudulent email – although it’s worth noting that cybercriminals are becoming increasingly more savvy where this is concerned.
- Emails may have been sent by bona fide contacts, but whose own accounts have been hacked. These can often be identified as they contain a short – often nonsensical message – and (malicious) link.
- Social media networks or instant messaging may also contain links to malware.
Visiting a professed organisation’s official website can be a satisfactory way of guarding against clicking a malicious link, but the main point is that it’s essential to keep reminding employees of these potential ransomware threats.
5. Is it really the CEO emailing?
A second – and growing – form of cyberattack visited through email is that of spear-phishing, where an attacker poses as a company official to exploit a specific function – such as a ‘CEO’ purportedly requesting Finance transfer funds. These types of email can also claim to come from official organisations – a bank, government department, or even the police, for example.
6. Formalise security policies
Define in writing formal protection policies and processes, and work with an IT partner to roll out these policies on every machine, to provide as much protection as possible for each individual user.
7. Instigate a robust password and multi-factor authentication policy
It goes without saying that the more robust a password requirements policy, the harder it is for cybercriminals to infiltrate. But many businesses still employ an ineffective/weak set of regulations – if any. Insisting on unique ‘strong’ passwords for individual accounts will help reduce potential risk, as will implementing single-sign on solutions. With multi-factor authentication, access is gained only after successful submission of various pieces of requested information, such as a numeric code texted to a mobile device, as an additional layer on top of password control.
8. Personalise anti-spam settings
Malware can be activated via attachment, but a webmail server can be configured to block potentially suspicious attachments and which may have extensions such as .exe, vbs, or scr. A show file extension function is also useful to help avoid accessing malware via attachments.
9. Block pop-ups, disable macros, disallow data transfer via USB
Increasingly, malware is distributed via every-day type documents that invite users to enable macros. A robust policy regulating download privileges, defining rights per employee can extend protection across the business.
10. Turn off immediately if suspicious activity is detected
At an early stage of an attack disconnecting from the web could prevent the malware establishing itself, but doing so may also prevent ransomware spreading to other areas of the business.
Cobweb CEO Michael Frisby says, “Ransomware is an insidious crime, with potentially devastating effects for infected businesses – as WannaCry is demonstrating, and can hit organisations across industry, location and regardless of size.
“But there are ways businesses can protect themselves, with a people-process-technology approach to look at potential flaws in employee behaviour, business procedures and IT systems particularly effective.
“We’re therefore offering customers a free cybersecurity health check review – carried out by certified security experts, the report covers over 40 security checkpoints, so you can find out how your business scores out of 100 for security and understand how Cobweb can help you safe-guard your business."
“It’s also worth remembering that when facing a ransomware attack, there’s a criminal gang behind it. Who’s to say that even on payment of a ransom demand, files will be un-encrypted… In addition, the National Crime Agency encourages businesses to NOT pay ransoms.”
Cobweb will be publishing various articles on security and protecting businesses against malware in the forthcoming weeks – but in the meantime get your FREE personal cybersecurity health check or contact any of the Cobweb Team, on 0333 920 6841 or email firstname.lastname@example.org.
The National Crime Agency (NCA) and the National Cyber Security Centre also offer advice, and the Cybersecurity Information Sharing Partnership (CiSP) is a national forum for discussing cyber issues.