Existing customer: 01865 598 100
New business: 01865 598 145

Don’t fall prey to ransomware

At Firstline IT we have seen an increasing number of ransomware attacks on our clients over the past 18 months. Each attack was devastating to the individual company involved at the time although in all but one case we were able to recover all the data without paying the ransom.

Ransomware has been around for a while, but the criminals are getting cleverer: some are attacking backups in addition to the main systems, and some are hacking networks and online backups to put ransomware in place, rather than relying on people unthinkingly clicking on email attachments or website links.

The ransom demands have also escalated. Typically hackers are now demanding around £10k to £15k for the return of your data. And, of course, if you are going to pay it will be in bitcoins over the dark net. Will you actually get your data back? Who knows?

What is a ransomware attack?

Ransomware is a piece of code that gets into your network and encrypts your data so that you cannot read or use it. One way to return it to normal state is to pay for a de-encrypting code; the criminals behind the attack usually leave a message letting you know how to contact them. You may also be able to recover your data from backups if these have not been attacked as well.

How does the ransomware get into my network?

Many ransomware attacks result from email campaigns or website links in which the malware is distributed as an attachment or as a clickable link. However, cyber-criminals are now progressing to inserting ransomware through direct hacks, through weak passwords, into business networks.

Am I OK if I’ve got a back-up?

Not necessarily. If your back-up is on a device permanently connected to your network and they hack directly into your network the hackers are likely to look for that and corrupt it too. Also, once into a machine or server on your network they can access your cloud storage such as Dropbox.

A few years ago it was good practice to run your network from a local server and regularly back up to a network storage device. This still works as long as you unplug the storage device, but if it remains connected to the network you are vulnerable. If they corrupt your cloud storage there is usually a recovery route but this can be slow and the disruption and stress is still best avoided.

Who is most vulnerable?

Networks that still use a local server or storage device to share data are most at risk. If you use Office 365 or Dropbox, the vulnerable parts of the network are individual machines and through these they can reach your cloud storage. If you do have data on a laptop or workstation, also make sure it is not the only copy in the business.

If you are still using Small Business Server with both data and email you are very vulnerable indeed because both systems could be lost in a ransomware attack. If you have a hosted email solution, for example, at least your email cannot be encrypted.

How can I best configure my system to guard against attacks?

The single most effective way to protect your data is to store your backups so that they are not visible on your network. Either backup online to a remote hosting system or use two backup devices and swap them over every day. In addition, we would recommend that you keep your emails and accounts data on separate systems: if you do that, there is a good chance you would only lose data – which would be painful but not disastrous.

What else can I do to protect my system?

  1. Install Intercept-X, a network device from Sophos. If the server doing the backup is safe then the backups themselves will be safe.
  2. Maintain good housekeeping around email accounts, network logons and remote workstation accounts. Make sure you delete redundant mailboxes and accounts. Often businesses have generic accounts such as admin or test with weak passwords (so that everyone can remember them). In addition, hackers will often guess at simple user name logons – it’s a good bet than any organisation has a Dave or a Kate.
  3. Always use strong passwords on all network or email logons. Strong passwords contain upper and lower case characters, numbers and special characters where you have to use the shift key. To remember your passwords use any of the secure notes apps that are available on smartphones.
  4. Ensure everyone follows basic internet security protocols: never open an attachment if you are not certain where the email has come from (spelling mistakes are often a good clue to fake emails); and be careful about dodgy websites and advertising links.
  5. If you see a ransomware attack in progress, disconnect from the network and shut down the computer– you may be able to limit the damage.

Ultimately it’s about strong passwords

You may be getting bored with this but the importance of unique, un-guessable passwords cannot be overstated. If you think you won’t remember a long stream of characters, it’s not wrong to write them down somewhere safe– just don’t leave them on a sticky note on the computer screen.

Where can I get further help?

Firstline IT cybersecurity team will carry out a ransomware vulnerability audit. Please contact us for an informal chat about your risk levels and possible courses of action.

Want to discuss your organisation’s needs?

Speak to us

Existing customer: 01865 598 100

New business:01865 598 145