Ransomware can have a devastating impact on a business, given the amount of time it takes to recover and resume critical business services. These events can also be high profile, with public and media interest, not to mention that of the customer base.
Ransomware is becoming more and more frequent and ever more sophisticated.
So, what do business owners need to know about ransomware?
- Ransomware is a type of malware that stops you from accessing your computer or the data stored on it. Usually the data is encrypted so you are unable to use it, but it may also be stolen or released online.
- Most ransomware we see now is ‘business wide’, which means it affects not just one computer or user but the whole network. Once hackers have accessed your systems, they typically take some time moving around, working out where the important data is saved and how backups are made and stored. With this knowledge, the hacker can encrypt the entire network at the most critical moment.
- The hacker will usually make contact with the business owner/victim using an untraceable email address or an anonymous web page and demand payment (ransom) to unlock your computer(s) and/or access your data. Payment is mainly demanded in cryptocurrency such as Bitcoin and may involve negotiation with the hackers behind the ransomware.
- If you do agree to pay the ransom, there is no guarantee that you will get access to your computer, network or files.
- Some hackers will threaten to release sensitive information they have stolen from the network if the ransom is not paid.
- The government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this, which you will see below, and also a concern that paying these ransoms will encourage cyber-criminals to continue such attacks.
So, what should business owners ask their IT team?
- As the business owner, how will I know when an incident has occurred? There is often a period of time (known as ‘dwell time’) between a hacker gaining access to your systems and the ransomware being launched. Identifying unauthorised access to systems early can help stop an attack – it is important to discuss what the business has in place for this.
- As a business, what measures do we take to minimise the damage a hacker can do inside our network? Ransomware attacks cause damage and can spread quickly within your systems. Therefore, you might like to discuss:
  - How does the business authenticate and allow access to users or systems? Are those measures hard to bypass and is access only allowed if necessary?
  - How would the business identify a hacker’s presence on the network?
  - How is the network separated so that if an attacker gets access to one device, they will not have access to the full range of the technical estate?
- As a business, do we have an incident management plan for cyber incidents and how do we ensure it is effective? Businesses should think in terms of ‘when’ rather than ‘if’ they experience a cyber-attack. So it is essential to plan your response carefully and to practise your response.
- Does our incident management plan meet the particular challenges of ransomware attacks? This could be how you might respond to a ransom demand when hackers are threatening to publish sensitive data. Who makes this decision, and do you go against what the government strongly advises?
- How is data backed up, and are we confident that backups would remain unaffected by a ransomware attack? Ransomware frequently targets a business’s data backups, as this increases the likelihood of a business paying. So it is essential that the board seek assurance on how backups are being made, and how secure these are.
We know there is a lot to think about when it comes to the subject of your business’s cyber-security! It can be almost daunting. However, we are always available for a chat about your concerns, what you would like to implement in your business and any other IT-related queries.
Contact us today if you would like a chat!