Last Updated on 25th January 2022
What to do if you have a Ransomware attack
Ransomware is an increasing problem for businesses across the UK and the world. Recent research found that only 4% of UK businesses are confident that they would be able to deal with a ransomware attack. By deduction, we can assume that 96% of businesses are not so confident that they would know how to deal with this kind of cyber security attack.
What is Ransomware?
Ransomware is malware (malicious software) that installs itself on your device and encrypts your files, removing your access to them. You then receive a message demanding a ransom in exchange for returning your files. There is often a deadline to pay the fee before the key to the encryption is lost forever.
How do I deal with Ransomware?
The first step in dealing with any kind of threat is making sure you have defences in place to reduce the risk. When it comes to ransomware, the best practice for this is to educate your employees so that they know what to look out for. All staff should scrutinise any links and attachments in emails they receive before interacting with them. Making sure that staff know how to spot a phishing email is essential.
Your IT Team or IT Service Provider should be making sure that all the possible defences are in place to protect you. You should not be afraid to question them and ensure that everything is being done to protect you. We recommend:
Patch management: Ensure that all of the patches for your operating system, software and firmware are up to date.
Anti-virus: Make sure that your anti-virus is set to automatically update and regular scans are being conducted.
Restrictions: Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers.
Access: No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
Whitelisting: Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
Your Disaster Recovery Plan
If ransomware gets past every security measure that you put in place, then you need a plan for the worst-case scenario. It's just like protecting your house: you put up a fence, put locks on your door, install CCTV and a burglar alarm, but someone could still break in. Would you not bother locking your door? Would you not bother getting house insurance? A disaster recovery plan is essentially house insurance for your data. If someone gets in and takes everything, you will be able to get it back. You need to have that last line of defence.
What should a good Disaster Recovery plan include?
Backups: You should make sure that you are backing up your data regularly. Your backup should also be reliable. If you're still backing up to tape, you need to know that this can get corrupted or wiped very easily. We highly recommend you look into a more substantial form of backup for your data. You should also make sure that your backups are not connected to the same network as the systems they are backing up, and that your whole environment is being backed up, not just your files.
Offsite replication: It is essential that you replicate your backups off site to ensure business continuity in the event of a site issue. Backing up locally might not be enough: should a more destructive ransomware attack occur, it could access your backups. You should store uninfected backups in an offsite location.
Testing: You have to know that your backup is working. You cannot let a disaster be the very first test of a backup. You need to test your backup and ensure your recovery time objectives can be met.
Recovery: You have to be sure that your data can be recovered on time and every time. You need to be 100% confident in your disaster recovery plan.
If you are concerned about Ransomware or the disaster recovery in your business, please do not hesitate to contact ACUTEC today on 01675 469020. Alternatively download our Cyber Security Playbook for everything you need to know to stay safe.