Story image

The reign of ransomware: How to protect your business from the ransomware onslaught

17 Jul 2017

Imagine the following scenario: you’ve arrived at your desk to get your working week started, you attempt to start up your computer but your computer has now become compromised by a ransomware attack. Unfortunately, this is a scenario that has become much too familiar to businesses and individuals, globally.

Recently we have seen an alarming number of ransomware attacks – like WannaCry, MacRansom and the latest, Petya – send shockwaves throughout the entire security world. Ransomware is a form of malware that infects devices, networks, and data centres. The aim of ransomware is to prevent the use of these devices until the organisation pays a ransom in exchange to have the system unlocked.

Company documents, employee and client privacy is a top priority for organisations so they need to ensure they are prepared and ready in case a ransomware was to strike. With cybercrime costing Australians $1 billion every year, private enterprises and public entities are looking for additional ways to better protect information and preserve the integrity of their data.

Here are three measures that can be taken to assist your company to prepare against a possible ransomware attack:

Backup your data

Backing up your data means you are one step ahead of your potential attacker. The point of a ransomware is to block the use of key systems, so by having data backed up, documents can be protected and continued to be used. Preferably, the backups should include not only your documents and records, but also critical business correspondence like emails.

One thing to note is that ransomware attackers sometimes target backup systems to encrypt and lock as well, by first gaining entry to the desktop. From here, they manually work their way through a network to get to servers.  If your business decides not to back up to the cloud and instead backup to a local storage server or device, these should not be directly connected to the desktop and should be offline.

And of course, don’t forget to scan your backups for vulnerabilities. It would be pointless transferring all your data onto a device that is always compromised.

Apply patches and updates

We’ve said it once and we’ll say it again – patch, patch, patch! A vast majority of successful attacks exploit vulnerabilities that are months or years old, and for which patches have been available for a good while.

By regularly updating and patching your systems and applications, you minimise the number of avenues through which cyber attackers can compromise your business. So make sure the next time you receive a security update, you don’t just wave it aside and tell yourself “later”, take the time to apply these updates and you could possibly be preventing the next Petya or WannaCry.

Learn when to say no

No one likes spam in their inbox, however, this is still a primary method that cyber attackers use to infect devices. The phishing attack involves spamming a victim’s inbox with emails that contain malicious attachments or links. Most ransomware attacks begin with attachments or links opened through malicious emails so if you think an email is suspicious, delete it straight away.  Email is still the number one source for malware and infection so make sure that your organisation has put in place an appropriate email security solution across your distributed environment.

With ransomware on the rise, best practice would be to learn when to say no to emails that could potentially infect not only your computer, but your entire company. The same goes for web security tools. These can be wired and wireless access, cloud-based security, and network segmentation strategies. These allow you to detect, isolate, and respond to threats found.

With the latest onslaught of global ransomware attacks impacting business operations all around the world, IT and security teams are under even more pressure to ensure their security measures are up to scratch. By preparing yourself and educating your team on the different forms of cyber threats lurking around, you can stand united against cyber criminals.

Article by Jon McGettigan, senior director, Australia, New Zealand & South Pacific Islands at Fortinet.

Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.
How CIOs can work with colleagues to drive new competitive advantages
"If recent history has taught us anything, it’s that the role of the CIO is always changing, and that it won’t stop changing anytime soon."