Cynch Security

View Original

Protecting your small business from ransomware

How would you feel knowing someone has taken control of your data and locked you out?

What would you do if the data your business depends on was held to ransom?

This is the nightmare Lion Beverages, Regis Aged Care, BlueScope, Garmin, MyBudget, Services NSW and Toll went through when they became victims of ransomware earlier this year.

Cyber criminals aren't only targeting big businesses, smaller businesses are suffering as well. Unfortunately we don’t hear about them as much, as many don’t report it and likely pay the ransom.

What’s ransomware?

Ransomware is a type of malicious software that cyber criminals use to block you from accessing your data. The digital extortionists encrypt the files on your system with a mathematical key known only to them, effectively locking you out until the demanded ransom is paid.

Ransomware is a lucrative business. Ransomware costs Australian's more than $241 million last year. 🤯

One variant of ransomware known as Netwalker is "believed to have earned more than $25 million from ransom payments since March this year". The cyber criminals behind NetWalker even go the extra mile and take a copy of the data they lock up, threatening to sell it to the highest bidder.

Capitalising on world events like the COVID-19 pandemic, the number of ransomware attacks in Australia has risen by 10% as cyber criminals target large corporations. Industries such as healthcare, legal and education sectors have become juicy targets. They are particularly targeting health care knowing how critical medical information has become.

As part of Scams Awareness Week, Cynch is hosting a free webinar on to protect you small business from ransomware.

The webinar will cover:

  • Who’s being targeted and why?

  • How does ransomware work?

  • How can you protect your business?

  • Should you pay a ransom?

  • What should you do if you become a victim?

How does ransomware work?

Cyber criminals gangs behind ransomware operate full-blown profitable enterprises. They have well-paid employees who do research into companies, individuals responsible for ensuring emails look professional and even tech support that will 'help' you decrypt your data and answer any questions. Some have marketing and customer support teams better than many legitimate businesses! 😒

A ransomware attack starts with research into the target company. Usually a company will be chosen that holds sensitive information and is likely to pay to get back.

Ransomware will usually find its way into your business via a fake email. This will usually impersonate a brand you're familiar with and ask you to open a dangerous website or malicious attachment.

Once installed, the ransomware will spreads through your network, copying and locking up data any data it finds.

After the damage is done, a message will appear telling you to pay up to get the information back. This might also come with a threat to release the information if the ransom (usually bitcoin) is not paid.

What should small businesses do if they become victims of ransomware?

If you're an unfortunate victim of ransomware, don’t be embarrassed. It can happen to anyone.

The first steps you take are vital to your recovery. Here are a few to get you started:

  1. Disconnect device from the network to prevent further spread

  2. Contact an IT Support professional

  3. Review the guidance from the No More Ransom Project

  4. Report the incident to Cyber.gov.au

Should I pay a ransomware ransom?

During political kidnappings or a terrorist hostage situation, the government/police have a policy to not pay ransoms. This is because paying funds criminals and encourage them to continue. The same holds true for ransomware and we should do everything we can to not pay the ransom. Every person who pays a ransom, is helping the perpetrators. There's also no guarantee the decryption keys you'll receive will release your data anyway.

The No More Ransom Project provides ransomware crime prevention advice and decryption tools to help victims recover their files. It's supported by organisations around the world including the Australian Federal Police. In the event of your data being ransomed, try and get your data back via them before you consider paying a ransom.

Why is reporting ransomware is so important?

Many businesses don’t report ransomware incidents as they don’t know where to go or worry about the fallout or embarrassment of people finding out. Anyone can fall victim to ransomware and the more people who report incidents, the easier it is to take down these gangs. 👮

Don’t assume that someone else will report it. The faster you report an incident, the faster things can be done to stop others suffering the same fate.

What can small businesses can do to prevent ransomware causing havoc?

Below are some of the ways you can protect your small business against ransomware:

  • Backing up your data (regularly keeping an offline copy)

  • Check that your most important backup is running

  • Backup your important documents daily

  • Store your backup for 90 days

  • Test that you can restore from your backups

  • Device security

  • Install Anti-malware on systems

  • Disable macros in Microsoft office

  • Ensure you have the latest software/firmware patches installed

  • Have a response plan in place, so you know who to call when a ransomware attack occurs

Our data is in the cloud, is ransomware still a problem for me?

We often get asked if ransomware is still a threat to businesses storing their documents in the cloud (eg. Google Drive, Dropbox or OneDrive).

Although many cloud solutions are starting to alert customers to suspected ransomware attacks, recovering from an incident can still be difficult. The recommendations above still apply regardless of where your data sits.

Start protecting your business from ransomware and much more today with our Cyber Boot Camp program.

Where can I learn more about ransomware?

For more general advice on how to protect yourself against ransomware check out the resources from: