Businesses of all sizes are falling victim to ransomware attacks, and cyber professionals see no signs of it stopping or slowing down.
When we hear about a ransomware attack, the first questions tend to be how much the ransom is and how soon the locked files can be recovered. However, one global firm that fell victim to a recent ransomware attack defied the odds and chose to recover manually rather than pay the ransom to get its data back.
The scale of the ransomware attack
Norsk Hydro, a global aluminium producer with over 35,000 employees across 170 sites in more than 40 countries, is estimated to have had around 22,000 computers rendered unusable by the attack. The consequences have come at a cost to Norsk Hydro in lost revenue, production and productivity; the BBC reports that the attack has cost the firm £45 million to date.
The amount the cybercriminals demanded is unclear, but what is clear is that Norsk Hydro refused to pay any ransom for the return of its data and began recovering manually, falling back on ‘pen and paper’ processes. While this has had a detrimental impact on the business as a whole, law enforcement agencies back the stance taken by Norsk Hydro, since paying a ransom only funds the criminals and encourages them to target other companies. There is also no guarantee that data will be decrypted once a ransom is paid: the attacker may take the money and never supply a working decryption key.
Steps you can take to protect yourself from ransomware attacks
In a post last year we covered the rising risk from the WannaCry ransomware, and it is worth repeating the steps businesses can take to reduce their exposure to ransomware attacks.
1. Staff training
- It sounds obvious but train your staff to spot potential phishing emails. Cyber awareness is one of the fundamental improvements businesses can make to mitigate risks from potential human error.
2. Software updates and security patching
- Stay up to date with Microsoft security patches for both servers and workstations (WannaCry spread through a Windows file-sharing flaw that Microsoft had patched two months before the outbreak);
- Install real-time updated antivirus, and turn on active scanning;
- Keep all software up-to-date, especially the likes of Java and Adobe Flash Player;
- If possible, avoid using Adobe Flash Player altogether.
3. Backup, backup and backup
- Take regular backups, test that you can actually restore from them, and keep at least one copy offline or otherwise unreachable from the network: ransomware routinely encrypts or deletes any backup it can write to, so a backup that sits on a mapped drive is not a backup.
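The point of "test them" is that a backup you have never restored is an assumption, not a control. The script below is an added example for this post, not an MMRIT tool: it backs up a directory into a tar archive together with a SHA-256 manifest, restores the archive into a scratch directory and checks every file against the manifest. It then simulates ransomware overwriting a source file and shows that a backup taken afterwards, checked against the last known-good manifest, is flagged rather than silently trusted. The directory names and sample files are constructed here for illustration.

```python
"""Back up a directory with a SHA-256 manifest and prove it restores cleanly.

Added example for this article (not MMRIT's tooling). Paths, file names and
file contents below are constructed for the demonstration.
"""
import hashlib
import io
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, archive: Path) -> dict:
    """Write every file under source/ into archive (tar.gz).

    Returns the manifest {relative path: sha256}; a copy is also stored inside
    the archive so a later restore test does not depend on external state.
    """
    manifest = {}
    with tarfile.open(str(archive), "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(str(p), arcname=rel)
        data = json.dumps(manifest, sort_keys=True, indent=2).encode()
        info = tarfile.TarInfo("MANIFEST.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return manifest


def verify_restore(archive: Path, manifest: dict) -> list:
    """Restore the archive into a scratch directory and compare it to manifest.

    Returns a list of problems ('missing: ...' / 'corrupt: ...'); an empty list
    means every file came back with the expected hash.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive), "r:gz") as tar:
            # Refuse archives that try to write outside the scratch directory;
            # a tampered backup must not become a second compromise.
            for member in tar.getmembers():
                unsafe = (member.name.startswith("/")
                          or ".." in Path(member.name).parts
                          or member.issym() or member.islnk())
                if unsafe:
                    raise ValueError(f"unsafe entry in archive: {member.name}")
            tar.extractall(scratch)
        for rel, expected in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems.append(f"missing: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"corrupt: {rel}")
    return problems


def demo() -> tuple:
    """Back up a constructed directory, verify it, then show a damaged backup being caught."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "documents"
        (src / "contracts").mkdir(parents=True)
        (src / "contracts" / "client-a.txt").write_text("Contract text A\n")
        (src / "invoice.txt").write_text("Invoice 001\n")

        # Known-good backup and its manifest.
        good_archive = Path(work) / "documents.tar.gz"
        manifest = make_backup(src, good_archive)
        clean = verify_restore(good_archive, manifest)

        # Simulate ransomware: a source file is replaced with ciphertext-like
        # bytes, and the next scheduled backup faithfully captures the damage.
        (src / "invoice.txt").write_bytes(os.urandom(32))
        later_archive = Path(work) / "documents-after.tar.gz"
        make_backup(src, later_archive)

        # Checking the new backup against the last known-good manifest exposes it.
        flagged = verify_restore(later_archive, manifest)
        return clean, flagged


if __name__ == "__main__":
    print(demo())
```

Keeping the previous manifest (ideally on the offline copy) is what turns a restore test into a ransomware detector: the archive itself is perfectly valid, it just contains encrypted garbage.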
4. Use email with caution
- If you or any other user is even a little bit unsure about an email or attachment, never click it/open it;
- If you suspect an email to be suspicious don’t forward the email around the company;
- Ensure email is encrypted in transit (TLS) and, for sensitive content, end to end; note that encryption protects confidentiality and does nothing to stop a malicious attachment, so it complements the controls below rather than replacing them;
- Use advanced mail filtering/threat protection to scan incoming emails for suspicious contents;
- Use two-factor authentication (2FA) on your email platform for added security.
5. Website safety
- Always avoid dubious websites, as they can often contain ransomware payloads;
- Use web filtering / URL filtering to block users visiting suspicious sites;
- Install ad-blocking and anti-spam filters.
6. Data management
- Grant write access only where it is needed: ransomware running under a user's account can only encrypt files that account can modify, so documents that only need to be read should be read-only;
- Store documents in a document management system, preferably one that keeps version history so an encrypted file can be rolled back to a clean copy.
7. IT policies
- Set up appropriate user access rights on your systems. Not every user needs access to every file/system;
- Regularly review user access rights;
- Enable software restrictions through Group Policy (AppLocker or Software Restriction Policies) so executables cannot run from user-writable locations such as %APPDATA% and %TEMP%, which is where malicious attachments typically drop their payload;
- Enforce strong password policies and use a tool to check passwords against a known breached password database;
- Make IT security awareness part of your employees' annual training programme.
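Checking passwords against a breached-password database sounds like it means handing every password to a third party. It does not have to: the range-query scheme used by Have I Been Pwned's Pwned Passwords service lets the client send only the first five characters of the password's SHA-1 hash and do the matching locally. The code below is an added example for this post, not an MMRIT tool. The breach corpus, the counts and the decoy entry are constructed for the demonstration, and `fetch_range` is a stand-in for the real HTTPS call so that everything runs offline.

```python
"""Breached-password check using a k-anonymity range query.

Added example for this article, not an MMRIT tool. CONSTRUCTED_CORPUS and its
counts are made up for the demonstration; fetch_range stands in for the real
network request (GET https://api.pwnedpasswords.com/range/<prefix>).
"""
import hashlib
from collections import defaultdict

# Constructed stand-in for the breach corpus: password -> times seen in breaches.
CONSTRUCTED_CORPUS = {
    "password": 3_861_493,
    "123456": 23_597_311,
    "Winter2019!": 1_204,
    "letmein": 224_000,
}


def sha1_upper(password: str) -> str:
    """Pwned Passwords keys its data on the upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_store(corpus: dict) -> dict:
    """Index the corpus the way a range service does: 5-char prefix -> 'SUFFIX:COUNT' lines."""
    store = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_upper(pw)
        store[digest[:5]].append(f"{digest[5:]}:{count}")
    return store


RANGE_STORE = build_range_store(CONSTRUCTED_CORPUS)
# Constructed decoy under the same prefix as "password": it shares the prefix
# but not the suffix, so it must not produce a match.
RANGE_STORE[sha1_upper("password")[:5]].append(
    "0000000000000000000000000000000000A:7")


def fetch_range(prefix: str) -> str:
    """Stand-in for the real range endpoint.

    Only the 5-character prefix is ever sent; the response lists every known
    hash suffix sharing that prefix, so the service learns neither the password
    nor its full hash.
    """
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return "\n".join(RANGE_STORE.get(prefix, []))


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found)."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:        # matching happens on the client
            return int(count)
    return 0


def password_allowed(password: str, min_length: int = 8) -> tuple:
    """Policy check: long enough AND not known to be breached. Returns (ok, reason)."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password)
    if seen:
        return False, f"seen {seen:,} times in breach data"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("password", "Winter2019!", "letmein", "correct horse battery staple"):
        print(repr(candidate), password_allowed(candidate))
```

Wire `password_allowed` into the password-change path (or a periodic audit of existing hashes) rather than only at account creation; the real service also pads responses so the number of suffixes returned does not leak anything about the prefix.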
The above list isn't exhaustive, and there are many other things to consider, such as how and where you store confidential information, how often you review third-party access, and which assets are deemed most critical. MMRIT can help you understand which assets are most vital, where security vulnerabilities lie and how they can be fixed, through a security audit and gap analysis.
Talk to us
To find out more about safeguarding your systems and data from ransomware attacks, contact MMRIT. We specialise in keeping businesses safe and minimising cyber risk across the legal, financial and professional services sectors.