How to protect your business from ransomware

Ransomware attacks are indiscriminate in who they target, says Robert Brown, CEO of DRS, a Cognosec company.

Everyone has become familiar with the term ransomware, with attacks increasing in frequency and making the headlines far too often.

Most ransomware takes control of a machine or mobile device and demands payment in crypto-currency to release an encryption key to unlock the system. Ransomware attacks are indiscriminate in who they target, affecting businesses and individuals alike, says Robert Brown, CEO of DRS, a Cognosec company. "As long as the ransom is paid, the cyber criminals don't care who is affected."

Unfortunately, too often it seems the only way to get your files back is to pay the ransom, adds Brown. "However, we cannot advise strongly enough against this approach. Not only is paying the ransom no guarantee that you will get your information back, it simply encourages the actors behind this scourge to launch more of these attacks."

He says several security vendors have designed tools to help decrypt files, and an initiative called 'No More Ransom' has released 52 free decryption keys to known pieces of ransomware. There are also several ways businesses can protect themselves from ransomware.

"Firstly, back up, back up and back up again. In the worst case scenario, where you have no encryption key, and are unwilling to pay the ransom, having all your files backed up will allow you to recover quickly from these attacks. Having all your files and documents on hand will greatly limit any damage or loss."

He advises to back up all the information and files on your PCs and mobile devices onto a totally separate system, such as an external hard drive that doesn't connect to the Internet. "Businesses will usually save copies of their data to off-premises servers that will remain unaffected in the event they fall victim to such an attack."

Moreover, Brown advises companies to teach their staff about good security practices. "Ransomware infections usually happen because someone unwittingly clicks on an attachment in an e-mail, reads a malicious advert on a Web site, or falls victim to a clever phishing attack. Remember, in order to infect a victim, attackers need to download malware onto their computer. This is then used to launch the attack and encrypt files."

Always err on the side of caution when opening an e-mail, particularly from a source you are not 100% sure is legitimate, and never, ever click on any links or attachments in these e-mails. "Take this further and only download apps from official marketplaces. Check the reviews for any reports of malicious activities, and question the permissions carefully to make sure an app isn't asking for access to things they don't feasibly need," Brown says.

And, of course, make sure you have anti-malware installed on your devices. "While not fool-proof, a good AV product can prevent ransomware from being downloaded onto your systems. They should have a scanning feature, to check files to root out any malicious code before downloading. They can also block installations from malvertising, which helps prevent ransomware too."

Finally, and this was a major lesson learned by WannaCry, update and patch your software as soon as possible. Vendors regularly release updates to their products to fix vulnerabilities that can be exploited for all sorts of malicious activities.

Share

DRS

Dynamic Recovery Services (DRS) is an ICT services and solutions provider specialising in providing innovation and agility in information security, IT risk management and IT governance. The company provides security services with a portfolio that satisfies customer needs, from the creation of security strategy to the daily operation of point security products.

The company partners with market-leading technology providers to ensure the best supply of infrastructure as well as execution of professional services, ensuring the selected products are effectively implemented and operate efficiently in the business environment.

www.drs.co.za

Cognosec

Cognosec is an IT security company engaged worldwide, operating in a multitude of industries including banking, finance, government, healthcare, retail, manufacturing and hospitality. Cognosec's extensive experience in security, governance, risk and compliance services allows the company to offer the best in payment, communications, network, and e-commerce security.

Cognosec is certified in QSA, ASV, (P2PE) PA-QSA, CESG Penetration, Testing, CESG Cyber Security Incident Response.

www.cognosec.com

Editorial contacts

Mia Andric
Exposure
mia@exposureunlimited.net