Think you are protected from Ransomware – Think again

A lot has been written about ransomware, where the term has almost gained a marketing ring to it. However, the reality is that ransomware is a very real threat to both individuals and any size of business. 

So what is Ransomware and why should you care? Typically, Ransomware is a criminal activity where the attacker will either obtain and (or) lock you out of your data, by malicious software and hold you to ransom, which is usually paid in Crypto currency. 

Ransomware as a Service is now a business, albeit illegal, with treble digit growth year on year. While the ransomware term is normally associated with business, this is not always the case. It doesn’t matter whether you are an individual or a large multi-national corporation, if your data holds value, it is exploitable. 

Ransomware attacks are often strategic and with an end target in mind. Every vulnerability, be it people, process, or technology, sometimes from unlikely source is explored with the end prize in mind. There is no rulebook. While a targeted business may consider itself very secure, meeting regulatory and compliance needs with audits, the threat vectors are so vast and varied that mitigation and recovery become more important than prevention. 

The cyber criminals carrying out these attacks have talented IT specialists able to exploit vulnerabilities from any angle, and in return offer a service to unlock or agree not to release information about your data, all the through 24-hour helpdesks, and a comprehensive vendor support network.  

If you are affected by ransomware, it is unlikely that you can rely on criminal proceedings to recover. What you should expect is to be greeted by a friendly helpdesk employee who will set terms of payment to firstly unencrypt your data, and potentially an additional fee not to release sensitive business information to vendors, partners, customers and whoever the non-exposure of that data will be valuable. 

A key consideration for an individual or business is the source of attack could be from anywhere, such as an employee clicking on an unsolicited email, web browsing, using public wi-fi without a VPN, weak or re-used passwords, through 3^rd party or partner exploit, or even accidental user misconfigurations by any individual. 

There are activities you can carry out to mitigate risk to a degree, however it is best to prepare for the inevitable, and have a plan to recover.  

• Recovery as a service

Our recovery as a service will replicate your critical data real-time to an offsite location. Therefore, beyond the reach of your would-be attacker but still giving you the ability to recover your business at a point in time before the attack took place. Unlike an overnight backup, replication ensures you can recover to a recent point in time during the working day minimising data loss and business interruption. 

• Backup as a service

Similar to Recovery as a service, Backup as a service is beyond the reach of an attack to your live data. However, this is more suitable for long term retention. This is a point in time solution and not real-time. 

Whilst recovery is a key takeaway, there are several steps to consider when protecting your data. A large proportion of ransomware is delivered via email predominantly through code embedded in documents and links to malicious websites. Mitigation is multi-layered  and should contain a blend of business processes, software and hardware solutions and products.

We offer a full range of cyber defence solutions and consultancy to help your business implement a robust security posture. From network perimeter to server and desktop applications please contact us for a consultation.

• Mimecast
• Endpoint protection services such as MDR/ EDR
• Network perimeter security
• Immutable data backups (Ransomware protection as a Service)

There are many methods to reduce your risk, however, consider that the only reason you have not been affected is luck. Our connected world is data centric, where data holds value, and that is not just to cybercriminals. 

The key take aways to consider is that Ransomware as a Service is a thing, and hacking is somebody's day job. You are never to be too small to be part of a supply chain attack such as through 3^rd party software, trusted partner, or any other accessible route in to access your data, and the only person to trust is you.