A hooded figure sits behind a laptop.

How to meet ransomware head on and still come out fighting

‘Ransomware’ is a word that strikes fear into the hearts of IT managers all over the world. It slips through the tiniest chink in an organisation’s cyber security armour – an email, a link, one little click – and sets off a chain of events that can be, at best, a big problem or at worst, an utter catastrophe.

If you haven’t heard of ransomware, it is (as the name suggests) basically an extortion tool. And no one is immune. It follows a pretty standard playbook: a blanket of emails (known as ‘phishing’ emails) fire out and contain a link that, when clicked on, will download a virus onto the machine, encrypt all the data and then follow a pre-programmed sequence to do the same to the rest of the network. A ransom demand for access to the decrypt keys to remove the encryption quickly follows. It’s a debilitating event for businesses, with many well-documented ransomware attacksthat have cost multi-millions in losses and recovery. Which begs the question: if huge corporations are vulnerable to ransomware, where does that leave everyone else?

Quentyn Taylor, Director of Information Security at Canon EMEA has a simple answer: “You can’t prevent it happening, but what you can do is prevent the impact being so serious.” While this might not sound like a hopeful scenario, it’s worth remembering that by being consistent and taking a few critical steps, you can still fall foul of ransomware and have buffers in place that can mitigate the effects. He outlines some important steps that can be the difference between an inconvenience and a potentially company-killing event.

Back-up, back-up and back-up some more

“Make sure that you have back-ups of your data and everything is on the network. Using my own PC as an example, if it were to break, I would be quite annoyed, but because there’s nothing permanent on that PC, I’d simply get another and log back on. However, if I were to fall victim of ransomware, some modern variants may go and find the data on the network and try and encrypt that as well. So, your back-ups on the network must also not be accessible. In large corporations having an immutable back-up is standard practice, but because it’s complex it is very easy to get lazy and not do it. However, it is absolutely worth doing.”

Three woman and one figure obscured by a computer, sat and stood looking at a screen.
Large corporations have dedicated resource who can spring into action if the worst happens. Small and medium sized businesses must rely on a mixture of in-house and external resources to protect themselves from attacks.

Make an honest assessment and trust the experts

“Work out what’s core to your business. What would be the maximum material harm you could cope with? Most or all companies should be able to survive the loss of small numbers of assets. Is it imperative to be where your backups are, or can an online cloud provider do the job better? Do you really need to run your own email or could one of the larger online office suite providers give you a more robust service?”

Cyber insurance is essential

“Cyber insurance has moved on a great deal from the ‘suffer a loss and claim it back’ model. Today’s providers will offer the services of third-party security assessors immediately and provide an end-to-end service of the type we’re used to seeing in car and home insurance. For smaller companies, the cyber insurers that offer these ancillary services are a very good idea because in protecting their insured asset, they’ll send out their own experienced people to fix the damage. When looking for a cyber insurance provider, don’t immediately head for the cheapest option and always ask what other security services they can provide. They will be the first people you call in a crisis, so you want the maximum value.”

Work out what’s core to your business. What would be the maximum material harm you could cope with?

Why not just pay?

“Unfortunately, paying the ransom is not uncommon at all. It is, of course, tempting to take the path of least resistance when your business is on its knees, but it is critically important to remember that behind the ransomware is a criminal and they, by definition, cannot be trusted. Will they take the money and still leave you high and dry? There are no guarantees. Additionally, every payment emboldens the criminal and they have more money to spend on their next attack. So, by paying the ransom you are perpetuating the issue. There is also the very real consideration that by paying a criminal or criminal group, you may be inadvertently financing a terrorist organisation, which is a criminal offence. It doesn’t matter what your intention was, this will put you in very serious hot legal water.”

Be alert, stay alert, repeat ad infinitum

“When it happens (and it surely will), you should start recovering data as best you can, take a deep breath and realise that this is something that happens to lots of people, all the time. Concentrate on the fact that 99.99% of all ransomware comes in via email, so focus on email security: multi-factor authentication, anti-malware. Get the basics right, which is easy to do in isolation but to have them right everywhere consistently at all times is extremely hard. But it’s absolutely worth the investment – because at the root of every single complicated attack is a basic control failure.”

Written by Quentyn Taylor

Related Articles