What to do When You’re a Victim of Ransomware

According to the FBI, the fastest growing cyberthreat to both business and personal networks is ransomware. IT departments worldwide are reviewing their Cyber Security Solutions to see if and how they can counter the threat and, if hit, how to recover from it.

What is Ransomware?

Ransomware is quite a simple concept. An attacker introduces malicious software onto a system that encrypts the data, and sometimes the software on it, then demands payment for the decryption key.

It’s not just businesses. The expansion of networks into homes has exposed them to ransomware attacks too. All users need to recognise that they are vulnerable and upgrade their Cyber Security Solutions to meet the threat.

What does Ransomware Do?

By preventing access to your data, ransomware can make your business unmanageable. You can’t receive or process orders, you cannot manage your cash flow, you cannot service customer requests, and you have serious difficulties in paying wages and suppliers. There may be manual workarounds, but these in general do not provide what you need to manage your business. You suffer massive reputational damage. Ransomware can easily kill your business stone dead in a very short time.

In domestic terms, quite apart from you losing those treasured memories, it can switch off your home security systems, making your cameras and motion sensors useless. Worst of all, it can switch off the panic alerts to your security service provider.

What can you do?

Basic Principles

The first thing to recognise is that paying for the decryption key is not the answer. Even if the criminals provide a key that works, and they usually don’t, you are not out of the woods. The key might only work partially, with parts of your database needing further payment to be unlocked.

A second problem can be that the key only decrypts the data. The underlying malware that encrypts the data is still there and can be reactivated. You pay once, and the likelihood is that you will pay again. The FBI recommends that you do not pay; it only encourages them.

There are two questions: what to do to prevent being hit by malware in the first place, and what to do if you are hit.

The most obvious step is to update your Cyber Security Solutions to counter ransomware attacks, but because the attack vectors are continually changing, attacks can sometimes slip through.

The best answer lies in being prepared and being ready with a plan of what to do when it does hit.

Keep Up to Date

The struggle between bad actors and software, especially anti-malware tools, is never-ending. You need to be aware of the latest threats, the attack surface they threaten, and the attack vectors they use to penetrate networks. Regular, sometimes daily, updates to anti-malware software are a must, both for business and domestic users.

Regular Backups

Having a clean backup of your systems and data is an absolute no-brainer. If ransomware hits, you need one to be able to recover. How you do it depends on how quickly and how up-to-date you need your recovery point to be. You may need to include desktops if any data is stored locally.

For example, an e-commerce site might be best served by switching to a hot-standby site if services at the main site are lost. Another business might be comfortable with restoring the system as it was a day or a week earlier.

The fashion today is to back up everything to the cloud. That may be sufficient if the cloud backup is clean, but it could be compromised by being connected to your network. The best idea is a belt and braces approach: keep a backup air-gapped away from your network and preferably off-site.

A Business Continuity Plan

All prudent businesses have a plan for how to cope in the event of a major threat to their operations. Ransomware is one such threat. You need to have a programme of actions to be taken in the event of a ransomware attack as part of your overall business continuity planning.

A continuity plan is not a static document. It must be regularly reviewed and updated to reflect the changing business environment.

After Ransomware Hits

Step 1 – Don’t Panic.

Take a moment to assess the extent of the damage and identify any immediate steps you can take to ease the burden. Implement the Business Continuity Plan and mobilise all the resources needed to reinstate services.

Step 2 – Communication.

Let all internal users and key external users know that there is an IT problem, that you are attending to it, and that normal service will be resumed as soon as possible. Let your external service suppliers, such as your VoIP provider and ISP, know as well, so that they can store essential communications such as email and other communications routed through them.

Step 3 – Reinstatement.

You have decided not to pay the ransom. The quickest and most effective solution is to revert to bare metal. Reformat all servers to remove all traces of the malware and restore the latest system and data images from a clean backup. You may need the assistance of your software suppliers and external agencies such as your ISP. You may need to do the same to desktops if the ransomware agent was introduced via one. If and when ransomware hits, and it is likely to be when, having comprehensive, up-to-date, and clean complete backups of all systems and data is absolutely essential. Without them, your road to recovery will be that much longer and harder.
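One way to choose which backup image to restore from in Step 3, as an added example that is not part of the original article: it assumes a hash manifest was recorded when each backup was taken and kept with the air-gapped copy. The manifest format, file names and dates are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a backup image in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def pick_restore_point(backup_dir, manifest, compromised_at):
    """Return (newest usable image or None, {rejected image: reason}).

    manifest (assumed format): {filename: (taken_at, sha256_hex)}, written
    at backup time and stored offline so an intruder cannot rewrite it.
    """
    rejected = {}
    newest_first = sorted(manifest.items(), key=lambda kv: kv[1][0], reverse=True)
    for name, (taken_at, digest) in newest_first:
        path = Path(backup_dir) / name
        if taken_at >= compromised_at:
            rejected[name] = "taken after suspected compromise"
        elif not path.is_file():
            rejected[name] = "missing"
        elif sha256_file(path) != digest:
            rejected[name] = "hash mismatch (altered since backup)"
        else:
            return name, rejected
    return None, rejected

def demo():
    """Constructed sample: three daily images, one altered after backup."""
    with tempfile.TemporaryDirectory() as d:
        images = {"mon.img": b"monday data", "tue.img": b"tuesday data",
                  "wed.img": b"wednesday data"}
        manifest = {}
        for day, (name, data) in enumerate(images.items(), start=1):
            (Path(d) / name).write_bytes(data)
            manifest[name] = (datetime(2024, 1, day), hashlib.sha256(data).hexdigest())
        # Simulate a network-connected copy being overwritten after backup.
        (Path(d) / "tue.img").write_bytes(b"\x00unreadable\x00")
        return pick_restore_point(d, manifest, datetime(2024, 1, 3))

if __name__ == "__main__":
    print(demo())
```

A matching hash only shows the image is unchanged since it was taken; the compromise-time cutoff is what excludes images that may already contain the dormant malware.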
