According to Cyber Security Ventures, a new organisation will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. Damage costs this year alone are predicted to be £9.2bn worldwide.
Currently, the three biggest cyber security threats are mobile malware, banking malware, and ransomware. Ransomware is a particularly malicious form of malware as it stops users accessing their data or systems until a “ransom” is paid. It allows hackers to gain full control of a system by encrypting it and locking all users out.
Check out our ‘History of ransomware’ infographic:
The increased use of personal smart phones for work and the growth of BYOD (bring your own devices) policies make corporate IT more difficult to protect than ever. Most companies have always protected against viruses, but ransomware is a top concern right now.
Malware (including Cryptowall and Cryptolocker and Cryptowall) is generally sent via phishing emails. If the recipient clicks on the link contained within them, their computer data is encrypted and they are locked out.
One of the reasons ransomware attacks are on the rise is that companies are paying up. Attackers often adopt a “spray and pray” approach. More than 14 million copies of the Locky ransomware variant alone were sent out in one week. Attackers often then ask for relatively small amounts of money that companies are more likely to pay. A fifth of companies were asked for less than £500, according to one survey.
So what can your company do to protect itself against this malevolent intruder?
Here are some tips on how your company can minimise its exposure to ransomware risks.
1. Employee Guidance
The majority of malware is sent via phishing emails. Provide staff with clear guidance on how to avoid ransomware attacks. Advice should include, for example: the importance of not clicking on unsolicited emails or texts; and that staff should never provide personal information in response to an email, text message or unsolicited email.
A common tactic is to trick employees into installing malware by sending messages claiming to be from the IT department. IT Managers should ensure that everyone knows to contact the IT team direct if they have any suspicions about messages they’ve received.
2. Remote working security policy
Ensure all remote or field workers that may use public WiFi are briefed before they travel on the importance of using a trusted Virtual Private Network (VPN), such as Norton Secure VPN.
3. Antivirus software
Maintaining a strong firewall and using a reputable antivirus software package is vital. Always download the latest updates and patches for your anti virus software. You can usually set computers to automatically download and install them. However, do bear in mind that this alone wont protect you. 75% of companies infected with ransomware were running up-to-date endpoint protection (source: Sophos).
4. Company back ups policy
Review your company back ups policy and schedules, and ensure that there is company-wide compliance.
If you are relying on native backup, such as that provided by Office 365, then make sure you understand your responsibilities and the retention periods for each function. We cover this in more detail in our ‘Office 365 backup gaps you didn’t know about’ post.
5. File restoration
Employing a reputable and reliable backup service and restoring your files from the last known backup is the quickest way to regain access.
6. And finally – Never pay!
Ransomware attacks are increasing because it is a profitable business. But not only does paying the ransom encourage more future attacks generally, it also positions your company as a more attractive target – which effectively makes you more susceptible to future attacks. And there’s no guarantee you’ll actually get your files back!
The Complete Solution
virtualDCS can help you prevent or recover from a ransomware attack. In 2017, Veeam announced a brand new feature that when paired with virtualDCS, gives organisations a new layer of protection in the war against ransomware.
Our Veeam Cloud Connect backup service offers a fully integrated and secure method of transferring backups to the virtualDCS cloud. Acting as an extension of your existing software, you can:
- Complete individual file recovery.
- Access Capacity and planning forecasts.
- End-to-end encryption and single pane of glass visibility.
We have comprehensive solutions available for VMware, Hyper-V, Physical Server protection, Workstation backup and virtualised Apple Macs.
Alternatively, if you are using Microsoft Office 365, our CloudCover 365 backup solution backs up Office 365 data at the click of a button. The solution is fully browser-based, allowing you to easily and conveniently manage your preferences.
With CloudCover 365 you can protect:
- Public folders
If you want to challenge us on how we’d create an IT infrastructure and security system that meets your needs within your budget (or you just want an add-on backup service) then we’d love to speak with you.
We provide training, advice and consultancy as well as delivering solutions. We walk all our clients through the setup process and provide 24/7 qualified technical support and platform monitoring.
Call today for a free informal discussion on 03453 888 327 or email enquiries@virtualDCS.co.uk.