How a ransomware attack works, what to do if you are attacked and how you can prevent it.
You might have heard of ransomware attacks in the news as some sort of malware that infects individuals and businesses alike, but what is a ransomware attack, what can you do if ransomware has attacked your system and how can you prevent one? The following article is designed to provide guidance on managing this cyber threat and the steps that you can undertake to protect your organisation.
What is a ransomware attack?
As the name itself suggests, ransomware is malware designed to extort money from its victims. Once ransomware enters a system, it encrypts or locks the data and files so that the victim is no longer able to access them. It then demands money (usually to be paid via bitcoin to avoid traceability) in return for unlocking the system.
Ransomware attacks are on the rise
Despite having been developed in the 1980s, ransomware only became a real threat in the early 2000s, due to the development of encryption technology. The latest figures show that in 2018 there were an estimated 204 million ransomware attacks, versus 184 million in 2017.
Not only has the number of attacks increased, but the target of the attacks is also changing: hackers have moved from general spreading to specifically targeting victims that are more likely to pay high ransoms, such as organisations.
What should you do if you have been infected by ransomware?
There are only 2 steps you should take:
- Do not pay! Not only would this make you more vulnerable to further attacks (they know you will pay) but paying doesn’t actually ensure that the files and data will be released.
- Get help from the experts. While you might be tempted to try and get a solution internally, getting experts to look at your case and fix the situation is the best approach to save time and maximise the results of an intervention. If you do find yourself in such a critical situation, WellData will be able to assist, so please don’t hesitate to contact us.
What can you do to protect your organisation?
There are at least 7 steps that you should undertake to prevent a ransomware attack:
- Prevent human error. The easiest way for ransomware to enter a system is via spam and someone clicking on a harmful link. Once the ransomware is downloaded, it starts spreading across the organisation, encrypting files and data along its way.
The best protection from human error is awareness and training: ensure that your people across every level of the organisation are trained in online safety. If you are looking for a reputable source for your training, the National Cyber Security Centre offers free resources to help organisations train their staff.
- Manage vulnerabilities: over time, flaws that allow viruses in are found in software and applications, which is why developers are constantly releasing new versions and patches. The key is to systematically update your software and applications and ensure that they are up to date.
- Implement the ‘Principle of least privilege’: ensure that you exert strict control on how privileges and access are granted, to ensure that users are given only those privileges that they require to complete their authorised task. From restricted user accounts to superusers, it is critical that the right level of access is granted to reduce pathways and openings that could be exploited.
- Invest in cyber security tools. While there is an abundance of free cybersecurity platforms, when it comes to securing your systems it is important to choose the right level of protection for your business.
- Segment your network: Network segmentation is about improving security and reducing threats. By splitting and segmenting your network into smaller networks and subnets you effectively create a physical fence against the spreading of a ransomware attack.
- Invest in off-site database back-ups: if ransomware attacks your databases it can take control of your data and files; however, it can also infiltrate your database backups, effectively preventing you from restoring your data. From copying backups to the cloud, to the old-fashioned ‘tape in the cupboard’, having a back-up separated from the main system ensures that, if the worst comes to the worst, you can still easily access your databases. Speak to us if you require any assistance with off-site back-ups.
- Constantly monitor your databases: continuous monitoring, real-time alerting, and regular checks can highlight the effects of an intrusion before it causes damage, or at least severely limit the amount of damage that ransomware can inflict.
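One way to implement the kind of regular check the monitoring step describes, as an added example that is not WellData's tooling: because ransomware encrypts files, a sweep can flag files whose leading bytes have near-random entropy and alert when a large share of a directory looks that way. The thresholds, function names and sample files are assumptions constructed for this illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
SAMPLE_BYTES = 65536     # inspect only the first 64 KiB of each file
ALERT_RATIO = 0.5        # assumed: alert when half the files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(root: str) -> dict:
    """Walk root and report files whose leading bytes look like ciphertext."""
    suspicious, scanned = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            scanned += 1
            if len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                suspicious.append(path)
    alert = scanned > 0 and len(suspicious) / scanned >= ALERT_RATIO
    return {"scanned": scanned, "suspicious": sorted(suspicious), "alert": alert}


def demo() -> dict:
    """Constructed sample: two text files, then one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("orders.csv", "customers.csv"):
            Path(root, name).write_text("id,name,amount\n" + "1,example,10.00\n" * 200)
        before = scan(root)
        Path(root, "orders.csv").write_bytes(os.urandom(4096))  # stands in for encryption
        after = scan(root)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

Compressed archives and media files are also high-entropy, so a real deployment compares each sweep against a known-good baseline rather than alerting on the absolute count.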
Our clients don’t need to worry about this last step because, as part of our services, we install specialist monitoring tools with real-time alerts in place that ensure that, in the case of any anomalous events which could indicate unauthorised activity, a DBA is allocated to the task immediately.
Additionally, one of our WellData DBAs will be on hand immediately to ensure our clients’ databases are recovered and they get back online as soon as possible should the worst happen.
If you have any questions about cyber security for your databases or require any assistance, please don’t hesitate to contact WellData now; we will be able to help you.