Overlay
Technology

Protect your business from a ransomware attack

Tim Rawlins, Director and Senior Adviser at NCC Group, looks at the ways today’s business owners can prevent a ransomware attack on their business.

What is a ransomware attack?

A ransomware attack is a type of criminal attack that restricts your access to your own systems and data until a ransom is paid. Many ransomware attacks are delivered via phishing emails. These are well crafted and personalised to fool the recipient into clicking a link that triggers the release of malicious software (malware).

The attacks target technical and human weaknesses, often combining both to infect a single user’s account, which then gives the criminal the opportunity to search the rest of your network, including online back-ups, before encrypting the data.

Such attacks can be damaging to organisations of all sizes, and the disruption they cause can last for days, weeks and even months.

Why are ransomware attacks on the rise?

Ransomware has grown into a significant industry for criminal gangs because of:

  • its relatively low level of sophistication

  • the ability for it to be performed remotely

  • the arrival of ‘ransomware as a service’, which enables skilled technicians to offer their capabilities to criminals

  • the existence of cryptocurrencies, which can facilitate ‘cashing out’ or spending the ransom without changing it into hard currency

“The frequency of ransomware attacks is rising, and every business is vulnerable,” says Neil Bellamy, our Head of Technology, Media, Telecoms (TMT) and Services. “That’s why it’s critical for business leaders to put effective cyber-security measures in place to deal with ransomware attacks and speed up their response.”

Ransomware checklist: eight ways to prevent an attack

A successful defence against malicious outsiders trying to gain access to your organisation involves a multi-layered approach, applying robust strategic and tactical controls.

1. Use passwords and multi-factor authentication

Complex passwords, based on three random words that don’t follow a pattern and are unique, are a simple way of helping keep systems secure.

When combined with multi-factor authentication – where access to the network is granted only after the user inputs a code that’s been sent to their mobile phone, for example – they can limit the risk of your systems being compromised.

Using a password manager can be an effective way of ensuring that passwords are long and complex enough but that there is no need to remember them for different applications.

2. Back it up

It’s essential to make regular back-ups of your critical data. Should you get hit by a ransomware attack, you will have the confidence that you can always restore the back-ups.

A word of warning, though: don’t have your back-ups on permanently connected network shares as these can also be vulnerable to ransomware attacks. Take a regular back-up and keep it on a separate, offline device so it is protected from automated attacks.

The longer the period between backing up and attack, the more disruptive it will be, so back up regularly and test data retrieval procedures to make sure that it works when needed.

Intellectual property, software application-specific material and frequent real-time database back-ups that an organisation relies on should also be held in escrow. This means that if a software supplier suffers a major ransomware attack, a clean and reliable copy of both the application and most recent data is available.

3. Patch and update to ensure security resilience

Ransomware often exploits known software weaknesses, called vulnerabilities, so updating operating systems, apps and programs is still one of the best forms of defence because the manufacturer will try to remove the vulnerabilities in every software update it issues.

Organisations should make sure they keep an asset register of their systems and programs so they can quickly identify if a new vulnerability will have an impact.

It’s essential to move away from legacy, unsupported, operating systems. The WannaCry ransomware attack that hit the NHS in 2017 targeted computers running an outdated Windows system.

4. Use anti-virus software

Installing up-to-date anti-virus programs on all machines is a vital mechanism for preventing many cyber attacks, including ransomware. It is often advisable to adopt a multi-layered approach, using a different program on local machines from that used on servers or email gateways.

5. Test and scan at least every six months

Regular application and infrastructure vulnerability scanning will pinpoint weaknesses that attackers could exploit. Validating the application source code will also enable an organisation to understand, redeploy and maintain the application without additional support from the software supplier should the supplier suffer a ransomware attack.

6. Educate your users to identify phishing attacks

As ransomware attacks often rely on exploiting human weaknesses, such as clicking links or opening attachments without thinking, employee awareness is an effective way of preventing many attacks.

7. Restrict access control

Check permissions on shared network drives regularly to prevent ransomware spreading to mapped and unmapped drives.

Most users within your organisation don’t require administrator rights, so don’t give them. The same applies to file permissions. The majority of people only need to access files to read them. Lock the permissions down, granting users ‘read only’ privileges by default.

System administrators with high levels of access should avoid using their administration accounts for email and web browsing. A separate account and laptop for administration that has no internet access is a sensible way to limit the damage that might occur if their normal account is compromised.

8. Consider using EDR

There has been considerable growth in technology that delivers ‘endpoint detection and response’ (EDR), which monitors each laptop, computer and server on a network and blocks automated ransomware.

The EDR technology can be monitored remotely so the security or IT person can see what is happening in real time, stop the installation of malicious software and restrict the ransomware’s ability to encrypt the system.

The monitoring can also be done by third parties in a security operations centre (SOC) which monitors and responds 24/7.

Preparation can make a huge difference

Ransomware continues to be a significant issue for organisations of all sizes. A bit of thought can make a huge difference in being able to resist an attack. If the criminals do get through your defences and run their ransomware, having an effective response plan and good offline back-ups can make all the difference.

Cyber attack prevention checklist
  • Combine complex passwords with multi-factor authentication

  • Limit administration privileges to those who need them

  • Make regular back-ups of your data, and keep it on an offline, secure device away from your network servers

  • Patch and update your operating systems and software, including anti-virus software

  • Educate people within your organisation to improve awareness of the ransomware threat

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of the NatWest Group Economics Department, as of this date and are subject to change without notice.

scroll to top