A ransomware attack is a type of criminal attack that restricts your access to your own systems and data until a ransom is paid. Many ransomware attacks are delivered via phishing emails. These are well crafted and personalised to fool the recipient into clicking a link that triggers the release of malicious software (malware).

The attacks target technical and human weaknesses, often combining both to infect a single user’s account, which then gives the criminal the opportunity to search the rest of your network, including online back-ups, before encrypting the data.

Such attacks can be damaging to organisations of all sizes, and the disruption they cause can last for days, weeks and even months.

Ransomware has grown into a significant industry for criminal gangs because of:

• its relatively low level of sophistication

• the ability for it to be performed remotely

• the arrival of ‘ransomware as a service’, which enables skilled technicians to offer their capabilities to criminals

• the existence of cryptocurrencies, which can facilitate ‘cashing out’ or spending the ransom without changing it into hard currency

“The frequency of ransomware attacks is rising, and every business is vulnerable,” says Neil Bellamy, our Head of Technology, Media, Telecoms (TMT) and Services. “That’s why it’s critical for business leaders to put effective cyber-security measures in place to deal with ransomware attacks and speed up their response.”

A successful defence against malicious outsiders trying to gain access to your organisation involves a multi-layered approach, applying robust strategic and tactical controls.

Complex passwords, based on three random words that don’t follow a pattern and are unique, are a simple way of helping keep systems secure.

When combined with multi-factor authentication – where access to the network is granted only after the user inputs a code that’s been sent to their mobile phone, for example – they can limit the risk of your systems being compromised.

Using a password manager can be an effective way of ensuring that passwords are long and complex enough but that there is no need to remember them for different applications.

It’s essential to make regular back-ups of your critical data. Should you get hit by a ransomware attack, you will have the confidence that you can always restore the back-ups.

A word of warning, though: don’t have your back-ups on permanently connected network shares as these can also be vulnerable to ransomware attacks. Take a regular back-up and keep it on a separate, offline device so it is protected from automated attacks.

The longer the period between backing up and attack, the more disruptive it will be, so back up regularly and test data retrieval procedures to make sure that it works when needed.

Intellectual property, software application-specific material and frequent real-time database back-ups that an organisation relies on should also be held in escrow. This means that if a software supplier suffers a major ransomware attack, a clean and reliable copy of both the application and most recent data is available.

Ransomware often exploits known software weaknesses, called vulnerabilities, so updating operating systems, apps and programs is still one of the best forms of defence because the manufacturer will try to remove the vulnerabilities in every software update it issues.

Organisations should make sure they keep an asset register of their systems and programs so they can quickly identify if a new vulnerability will have an impact.

It’s essential to move away from legacy, unsupported, operating systems. The WannaCry ransomware attack that hit the NHS in 2017 targeted computers running an outdated Windows system.

Installing up-to-date anti-virus programs on all machines is a vital mechanism for preventing many cyber attacks, including ransomware. It is often advisable to adopt a multi-layered approach, using a different program on local machines from that used on servers or email gateways.

Regular application and infrastructure vulnerability scanning will pinpoint weaknesses that attackers could exploit. Validating the application source code will also enable an organisation to understand, redeploy and maintain the application without additional support from the software supplier should the supplier suffer a ransomware attack.

As ransomware attacks often rely on exploiting human weaknesses, such as clicking links or opening attachments without thinking, employee awareness is an effective way of preventing many attacks.

Check permissions on shared network drives regularly to prevent ransomware spreading to mapped and unmapped drives.

Most users within your organisation don’t require administrator rights, so don’t give them. The same applies to file permissions. The majority of people only need to access files to read them. Lock the permissions down, granting users ‘read only’ privileges by default.

System administrators with high levels of access should avoid using their administration accounts for email and web browsing. A separate account and laptop for administration that has no internet access is a sensible way to limit the damage that might occur if their normal account is compromised.

There has been considerable growth in technology that delivers ‘endpoint detection and response’ (EDR), which monitors each laptop, computer and server on a network and blocks automated ransomware.

The EDR technology can be monitored remotely so the security or IT person can see what is happening in real time, stop the installation of malicious software and restrict the ransomware’s ability to encrypt the system.

The monitoring can also be done by third parties in a security operations centre (SOC) which monitors and responds 24/7.

Ransomware continues to be a significant issue for organisations of all sizes. A bit of thought can make a huge difference in being able to resist an attack. If the criminals do get through your defences and run their ransomware, having an effective response plan and good offline back-ups can make all the difference.

• Combine complex passwords with multi-factor authentication

• Limit administration privileges to those who need them

• Make regular back-ups of your data, and keep it on an offline, secure device away from your network servers

• Patch and update your operating systems and software, including anti-virus software

• Educate people within your organisation to improve awareness of the ransomware threat