Five tips to thwart ransomware

MTI's Kevin Foster lays out the five steps customers should take to prevent this type of cybercrime

The number of ransomware attacks is on the rise and is expected to increase as hackers target more companies, and advanced software is able to compromise more types of data.

The UK is second only to the US when it comes to being targeted by ransomware attacks, and a recent study found that data hostage attempts grew 127 per cent from 2014 to 2015. More than half (54 per cent) of malware files targeted at UK internet users contained ransomware in 2015.

Recent news that three more hospitals in the US have been hit by ransomware attacks shows cybercriminals being more targeted in their pursuit of a profit and has caused concern about NHS hospitals now possibly being a target. Organisations of all sizes and in all sectors face this growing threat.

So what's the reason for this rise? Yes, hackers are getting more sophisticated, but a major contributing factor is that few organisations have adopted proper security measures to thwart such attacks.

What is ransomware?

Ransomware is malicious software that allows a hacker to deny access to important data files. Ransomware malware is hidden in email attachments, downloads, compromised websites or malvertising. When malware infects a system's hard drive, the cyberattacker will reach out to the victim or company via email requesting a sum of money in return for a decryption key that allows the company to regain access to hacked files.

Protection against this growing threat

There are fairly straightforward methods to reduce the risk of being affected by a ransomware attack. Below are the top five steps to ensure best practice in order to prevent this type of cybercrime.

1. Back up data
An effective way to defeat ransomware is to have regularly updated backups. If you are attacked, you may lose that document you started earlier this morning, but if you can restore your system to an earlier snapshot or clean up your machine and restore your other lost documents from backup, you can rest easy. The backed-up data should be stored on a separate storage device and not your PC, so that the data is segregated, should the PC become infected.

2. Install security and anti-virus software
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system. Security software should be installed on any computing device connected to the internet. Enabling 'automatic update' settings and installing updates as soon as they become available is also good practice and will ensure you do not fall behind when it comes to the latest malware definitions. Regular scheduled scans of your system will also improve protection.

3. Increased vigilance
Successful ransomware attacks often depend on exploiting the inquisitive human mind by fooling users into clicking on or opening a malicious link or attachment. Improving "cyber-hygiene" practices can help to deny hackers' success. This means educating individuals about how to spot suspicious threats and to avoid downloading files from untrusted sources. As always, it's good practice to run a virus scan on the file before opening.

4. Password security
We are told all the time to regularly change our passwords and not to use the same one for multiple accounts. The problem is that the more online passwords we require in our digital lives, the less we adhere to this advice. Setting up password reminders to prompt employees to change their passwords every couple of months is a way of reducing risk.

5. Immediate network disconnection
If you run a file that you suspect may be ransomware, but you have not yet seen the characteristic screen, you may be able to stop it in its tracks by disconnecting from the network before it finishes encrypting your files, which can take some time. This technique is definitely not foolproof, and you might not be sufficiently lucky or be able to move more quickly than the malware, but disconnecting from the network may be better than doing nothing.

Prevention is better than cure

Ransomware can be very stressful and costly to recover from. Back in January, Lincolnshire County Council's computer systems had been closed for four days after being hit by malware demanding what appeared to be a £1m ransom. In fact, the ransom was a lot less (£350), which the Council stated it wouldn't pay.

Compared with the disruption caused, the size of the ransom didn't really matter. The council's systems were taken down for a week and staff found themselves checking a reported 458 servers and at least 70TB of data to make sure the infection hadn't spread beyond wherever it entered the network.

It is important to be aware that pre-emptive measures and backing up data will go a long way to reducing the risk and impact of a ransomware attack. Following this, best practice can help safeguard a business against this growing threat.

Kevin Foster is testing services manager at MTI Technology