Ransomware: How to Protect Your Business
Cost estimates for the impact of ransomware on businesses and government organisations around the world vary massively. One problem is that according to some cyber security analysts, less than 50% of ransomware attacks are reported as organisations prefer not to go public to protect their brand credibility.
Another issue is that apart from the “ransom” – most often paid in cryptocurrency – the criminals behind the attack often don’t release the key to unencrypting the systems, meaning the cost of recovery skyrockets.
In this article, we look at what ransomware is, how attacks are targeted, why they succeed and the damage an attack can do.
We also explain how to protect against them by backing up data, giving staff cyber-awareness training, developing a disaster recovery plan and using a sophisticated endpoint Managed Detection and Response (MDR) system such as SentinelOne.
Advanced AI-based solutions monitor endpoints constantly and in the event of suspicious activity such as a ransomware attack, block the attack and raise automated alerts.
UK ransomware facts and figures
According to some estimates, the global number of ransomware attacks in 2021 had hit over 300 million by the midpoint of the year, compared to a similar number for the whole of 2020.
While most of these attempts targeted the USA a significant number were aimed at UK businesses, charities, schools, hospitals and other public sector organisations.
Bottom line: the threat of ransomware is very serious, constant and growing, requiring every time of organisation to take protective measures against it.
What is ransomware
Ransomware is a computer programme that gets into your network (see later for how) and then encrypts files and data on computers and servers so they cannot be used without the key.
Once in place, the hacker holds the data ‘hostage’, demanding payment in the form of a ‘ransom’ to release the files using a decryption key.
Ransomware can happen to anyone and is widely employed to attack businesses, universities and healthcare systems. Indeed during 2020, Duesseldorf University Hospital’s care systems were disabled hospital by a ransomware attack, resulting in the death of a patient died.
Cases of ransomware that emerged in 2021 include Lemonduck, REvil, Trickbot, Dridex, Conti and Cobalt Strike.
What damage does ransomware cause?
Unlike other computer viruses that can be removed or prevented by anti-virus software after getting on to a computer, the only way to remove ransomware is to pay the ransom (usually in Bitcoin or other crypto currency) and then hope and pray that the hacker sends you the key to unlock your files.
The impacts of ransomware fall into the following categories:
Direct cost: lost sales while network systems are down.
Lost customers: according to Forrester, 38% of companies say they lost customers following a cybersecurity breach – including ransomware attacks.
Remediation: the average cost of remediation following a successful ransomware attack to UK companies can be up to £1million according to some sources.
Reputation damage: impossible to measure, but a publicised ransomware incident affects potential buyers’ view of a brand, impacting negatively on their potential to purchase from that company.
Worst case scenario: the crippling down time for an entire organisation can potentially lead to loss of life, as was the case in Germany.
How does a ransomware attack succeed?
Many of the ‘vectors’ or channels through which malware including ransomware is distributed are incredibly simple. The most common channel is email, where infected links or files such as Word or Excel documents may be clicked and/or opened.
Often, multiple conditions may be required for a ransomware attack to succeed. It doesn’t only boil down to a lack of cybersecurity systems and software.
Lagging policy updates, out of date software, a lack of training or education resulting in poor end-user vigilance – even a lapse in concentration can result in success for the hacker.
The definition of success for the cybercriminal however is simply to gain access to a network, steal data and “hold it hostage” pending payment of the ransom. The documented evidence of ransomware payments is, however, scarce because so few companies own up to it.
The key in all of this is that criminals target what they perceive to be “the weakest link” in the chain: the employees of the business – including those at executive level.
How to protect against ransomware
The number one rule in protecting against ransomware and any other kind of cyberattack is never to assume it won’t happen to you. In fact, assume you will be targeted. Other key measures include:
1. Back up your data
A robust backup system for all systems – including email – is a core form of protection. If your data can be backed up and, crucially, restored effectively and efficiently, then you can be up and running again in a relatively short period – and critical operational processes can resume.
Depending on the size of your organisation, you’ll need a full back up plan and potentially system redundancy to ensure continuity. Don’t assume that because your data is stored in the cloud it’s all immune from a ransomware attack.
2. Don’t rely on anti-virus alone!
Deploy a modern security MDR (Managed Detection and Response) software solution such as SentinelOne. MDR software monitors the behaviour of processes running on all endpoints, looking for any suspicious activity that could indicate a security breach such as a ransomware attack. It then blocks the attack and raises automated alerts.
Artificial Intelligence such as SentinelOne’s patented behavioural technology protects every endpoint through the threat lifecycle including:
- Pre-execution: attack prevention
- On-execution: detecting and containing threats
- Post-execution: visibility & response, remediation and rollback.
SentinelOne can block many attacks automatically on its own. But for a complete solution, human input may be required via Security Operation Centres (SOCs) to:
- Isolate an affected computer from the network while maintaining control of it remotely
- Suspend potentially compromised user accounts
- Carry out detailed security investigations
- Remove the suspected threat
- Rollback the state of a computer if it has already been compromised
- Return the computer to safe operation.
Combining the SOC network with SentinelOne and Bitdefender makes the ConnectWise MDR™ Endpoint Protection solution one of the most comprehensive security solutions available, offering maximum peace of mind.
3. Train employees in good computer security habits
Cyber-awareness training is a useful took in the battle against ransomware.
Staff should be trained on how to spot suspicious emails, links and attachments and avoid clicking or opening anything that looks like it may not be genuine. They should also understand the importance of not sharing passwords and of using only strong, unique passwords.
4. Develop a disaster recovery plan
If all else fails, get a comprehensive DR plan in place. As well as the key infrastructure such as cloud technologies, cybersecurity, remote management and IT systems support, you’ll need a well drilled plan and procedure to ensure that all the critical elements of your IT can be brought back into operation quickly and effectively, and that your people will know exactly what to do.
To help your organisation protect against ransomware including backup solutions, cyber-awareness training, cybersecurity systems and solutions and to develop your DR strategy, contact Alliance Solutions on 0800 292 2100 and ask us for a full review of your cybersecurity status.