Preparing To Survive a Ransomware Attack
If there is one IT problem that keeps me awake at night, it is the ransomware attack. These attacks are indiscriminate and hugely destructive. They operate in a largely mechanised and automatic way – and are so prevalent within the IT landscape that you are generally lucky not to find yourself targeted by one.
The principle of a ransomware attack is based on taking your data and putting it beyond use. It does this by using encryption – essentially the data is “scrambled” and can only be unscrambled by using a key that the ransomware author (i.e. the hacker) has. The hacker will offer to sell you this decryption key for a price, usually around £300 to £1,300.
When ransomware attacks your computer, it will look for any document files stored locally on that computer, and then look for any other computers on your local network that it can find. As such, it’s not uncommon to find that when one computer on a network gets attacked, any other computers – such as colleagues’ computers or servers on the network – also get attacked. The computer itself will often keep working; after all, the hackers need to make sure you can log in, see the ransom message, and access the web so that you can communicate with them.
For SMEs, there is another issue: virtually all SMEs use cloud-based sync utilities such as OneDrive, Dropbox, iCloud, or Google Drive. If these are configured so that you have a folder on your computer to access these shared drives, the ransomware will infect these files too. The infected files will then spread out to other computers within the set, which means it’s entirely possible to end up destroying customers’, suppliers’, or other partners’ data if you are linked into them via OneDrive, Dropbox, etc.
How you get attacked
The most common “vectors” for ransomware attacks are malicious email attachments and links, which is why it is critically important to practise good “email hygiene” within your business and train staff to be very wary of emails that come from sources that they do not know.
Beyond email hygiene, it generally comes down to the three golden rules of cybersecurity: keep your computer and software updated and patched, keep your antivirus running, and make sure you have strong passwords. Updates and patching make it harder for ransomware to exploit bugs and other holes on your computer to gain a foothold, the antivirus will (hopefully) stop any ransomware from running, and strong passwords make it harder for the ransomware to either get into or propagate within your network.
How to prepare
There is only one real defence against ransomware, which is to make sure that you have backups. Realistically, the only way to recover from a ransomware attack is to wipe any affected computer and restore data from a recent backup.
Backups are a larger topic, and you can find out more with our [Simple Guide to Backups for SMEs].
Broadly speaking, SMEs should – and admittedly usually do – keep the master copy of any files that they have in the cloud. Our strong recommendation for this is to use SharePoint as part of Office 365 Business, or Google Drive as part of G Suite. These are preferable to Dropbox, iCloud, and others because you can back up the whole cloud – the so-called “cloud-to-cloud” backup. If you as a business keep all your data in the cloud, and then back up this cloud data on a daily cycle or better, you become virtually impervious to ransomware attacks. Any computer or computers that you lose to such an attack can be wiped, and your data easily restored.
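
As an added illustration (not part of the original article, and not any backup product's own code), the Python example below checks the two things this advice depends on: that the newest backup is no more than a day old, and that every file in it still matches the hash recorded when the backup was taken. The local folder layout, the `manifest.json` format and all function names are assumptions made for the example; a local folder stands in for a cloud-to-cloud backup.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600  # the article's "daily cycle or better"

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source, backup, now=None):
    """Copy every file under source into backup and record hashes in manifest.json."""
    source, backup = Path(source), Path(backup)
    backup.mkdir(parents=True, exist_ok=True)
    files = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = backup / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes(src.read_bytes())
        files[rel] = sha256_file(src)
    manifest = {"created": time.time() if now is None else now, "files": files}
    (backup / "manifest.json").write_text(json.dumps(manifest))
    return manifest

def audit_backup(backup, now=None):
    """Report whether the backup is stale and which files are missing or altered."""
    backup = Path(backup)
    manifest = json.loads((backup / "manifest.json").read_text())
    now = time.time() if now is None else now
    files = manifest["files"]
    missing = [r for r in files if not (backup / r).is_file()]
    altered = [r for r, d in files.items() if r not in missing and sha256_file(backup / r) != d]
    stale = now - manifest["created"] > MAX_AGE_SECONDS
    return {"stale": stale, "missing": missing, "altered": altered,
            "restorable": not (stale or missing or altered)}

def demo():
    """Constructed sample: two documents are backed up, then one backup copy is scrambled."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "docs"), Path(tmp, "backup")
        (src / "clients").mkdir(parents=True)
        (src / "invoice.txt").write_text("Invoice 001")
        (src / "clients" / "list.csv").write_text("name,email\n")
        make_backup(src, bak, now=1_000_000)
        fresh = audit_backup(bak, now=1_000_000 + 3600)
        (bak / "invoice.txt").write_bytes(b"\x8f\x02scrambled")
        damaged = audit_backup(bak, now=1_000_000 + 3 * 24 * 3600)
        return fresh, damaged
```

Running `audit_backup` on a schedule and alerting when `restorable` is false shows that a backup has gone stale or been altered before you need to restore from it.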