Ransomware, one of the fastest-growing malware hazards of the 21st century, threatens businesses and public organisations around the world. A particularly virulent and fast-evolving species of malicious software, it infects computers and mobile devices, often spreading across networks to other devices. Once it compromises a system, it quietly encrypts every data file it finds, then displays a ransom note to the user demanding an online payment of hundreds or thousands of pounds (to be paid in cryptocurrency like Bitcoin) in return for the decryption keys needed to restore the user’s locked files.
Whilst prevention is better than cure, organisations like London’s Hackney Council, Redcar Council and Eurofins Scientific Forensic analysis labs have all recently experienced an attack and succumbed to ransomware. So if even the “big boys”, who can spend many thousands of pounds annually just on cyber security, can fail, what chance is there for smaller companies and organisations?
Firstly, if you are hit, don’t panic. Make sure all your staff are aware of who to call in the event of a security incident (whether ransomware or some other type of attack) and that your IT department have a documented procedure for what to do, whether that is shutting down computers or servers, or disconnecting segments of your network.
Then the remedial work can begin: either rebuilding the PCs and servers and restoring from backups or, if backups are not available (see this page for our backup service), attempting to break the encryption of the ransomware. There are many free tools to help with this, but most require a degree of technical knowledge. If you are not at all sure, we would recommend contacting your IT support company or Midgard to assist.
**Do not pay the ransom – there is no guarantee you will get your data back**
There are some simple steps to reduce the likelihood of a successful attack or to reduce its impact.
Educate all staff on ransomware’s risks and how to use email and the web safely.
Create regular backups of critical systems and data.
Maintain up-to-date firewalls and anti-malware systems and protections.
Use web- and email-protection systems and software.
Limit the ability of users or IT systems to write onto servers or other systems.
Have a robust patch management program.
Remove any device suspected of being infected from your systems.
These are all things that Midgard will be able to assist you with. Remember that nearly 3 out of 4 companies infected with ransomware suffer two days or more without access to their files. How much would each day of business cost you?