Ransomware – What is it? What are the risks? What can you do?

Cyber-attacks are unscrupulous, unsolicited and unwelcome, and they are growing at an exponential rate. Previously an annoyance, they are now a serious threat to businesses of all sizes. The world we work in is becoming ever more connected and reliant on the internet, making every organisation a target for cyber-attacks.

What is Ransomware? ‘Ransomware’ is a type of virus (malware) that is written to infect a PC (or network), making it impossible to access files until a ransom is paid. One of the most common forms of ransomware is Cryptolocker.

Since it was first seen in October 2013, Cryptolocker has infected hundreds of thousands of PCs and networks. The virus is distributed through counterfeit emails and spurious websites, both of which imitate genuine organisations. After the files have been encrypted, the virus will prompt the user to make a payment to release the files. Although paying the ransom should fix the issue, there have been many reports that the files were not decrypted, or that the PC was infected again shortly afterwards.

Cryptolocker targets businesses and individual machines in the same way. The likelihood is that the malicious code will have come from the Dark Web after an inadvertently clicked hyperlink opened up a connection to a ransomware site. The Dark Web is a collection of websites that are publicly visible but have hidden IP addresses, which makes it very hard for the authorities to shut them down, as it can be impossible to establish where they are.

The consequences of Cryptolocker in a business environment are often more damaging than on a home PC, as the scope for disruption significantly increases. A single infected machine opens the door to the entire network, meaning that all server data, mapped drives and cloud-based plugins (such as Dropbox) could be encrypted.

Within the UK Government there is a dedicated cybercrime unit to tackle the Dark Web, but it is a battle that will never be won, no matter how hard they fight to track down the culprits. Therefore all businesses should take action to protect their data.

Hackers are persistent and professional, and have countless methods for inflicting havoc. The changing landscape makes it impossible to totally mitigate the risk of infection, but there are a number of steps that should be taken:

  • Use a reputable anti-virus package and ensure the security definitions are updated regularly
  • Update your PCs and servers with the latest Windows Updates
  • Use a Firewall (such as a Dell SonicWALL) to block access to Tor sites to cut off the Dark Web
  • Educate staff NOT to click on adverts or pop-ups that may appear whilst surfing the internet
  • Never open an e-mail attachment when you don’t recognise the sender
  • Never open an attachment with the extension .EXE

While ‘prevention is always better than cure’, you must have a plan should the worst happen. Of fundamental importance should be a robust backup process that backs up files regularly (ideally hourly), together with a tested and trusted restore process, so that you can quickly recover the system to a point in time before the malware was introduced.

To learn more about how you can protect your business call the team at Zenzero on 0333 3209 900 or visit our website: http://www.zenzero.co.uk/sonicwall/
