RANSOMWARE – GUIDANCE FOR SMALL & MEDIUM BUSINESSES
26th October 2017
Ransomware is on the rise – there are now more than 50 families of this malware in circulation — and it’s evolving quickly. With each new variant comes better encryption and new features. This is not something you can ignore!
At 360ict we offer our clients full Managed IT Support and have recently had several instances of the ever-increasing and evolving problem of RANSOMWARE.
So What is RANSOMWARE?
A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image. Once the attachment is opened, the malware is released into the user’s system. Cybercriminals can also plant the malware on websites. When a user visits the site unknowingly, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then it is too late to save the data through any security measures.
Encryption Ransomware (Malware)
- It encrypts personal files and folders (documents, spreadsheets, pictures, and videos).
- The affected files are deleted once they have been encrypted, and users generally encounter a text file with instructions for payment in the same folder as the now-inaccessible files.
- You may discover the problem only when you attempt to open one of these files.
- Some, but not all, types of encryption ransomware show a ‘lock screen’.
- Generally the cyber criminals will demand payment by cryptocurrency, specifically Bitcoin.
UK Government & Private partners are working with businesses and organisations affected by the ransomware, including the most prevalent known as ‘WannaCry’.
What is WannaCry?
WannaCry is a type of malicious software known as ransomware. Ransomware makes your data or systems unusable until the victim makes a payment.
What can I do to protect myself?
There are three main things you should do to protect yourself.
1. Update Windows
WannaCry only affects computers running Microsoft Windows operating systems that don’t have the latest security patches installed. If you are using a recent version of Windows (Windows 7, Windows 8, Windows 8.1 or Windows 10) and have automatic updates turned on, you should already be protected automatically against WannaCry.
To update your version of Windows:
- If you are using a currently supported version (Windows 7, Windows 8, Windows 8.1 or Windows 10), run Windows Update and apply any updates.
- If you are using Windows XP, Windows Vista or older versions of Windows, download the WannaCry security update from here and install it.
Note: 360ict strongly recommend that you do not continue to use unsupported operating systems, but instead upgrade to one which receives regular security updates from the vendor.
2. Run antivirus
- Make sure your antivirus product is turned on and up to date. Windows has a built-in malware protection tool (Microsoft Defender) which is suitable for this purpose.
- Run a full scan to make sure your computer is currently free of all known malware.
3. Keep a safe backup of your important files
- Regularly create a backup copy of your important files (such as photos, documents, and other files that can’t be replaced). If you have backups of files that you can recover, you can’t be blackmailed.
- Make sure that this copy is kept separate from your computer. If it’s on a USB stick, or a hard drive, or on any type of removable media, do not leave it connected (or anywhere on your network) or it may also be attacked by ransomware.
- You should consider using cloud services to back up your files. Many cloud service providers (for example, email providers) offer an amount of cloud storage space for free.
- See the 360ict blog on backups.
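The three steps above can be checked from a PowerShell prompt. The script below is an added example, not 360ict's own tooling; it assumes Windows 10 with Windows PowerShell 5.1 and Microsoft Defender as the active antivirus, and the age thresholds are assumptions to adjust to your own policy.

```powershell
# Added example: read-only health check for the three protection steps.
# Assumes Windows 10, Windows PowerShell 5.1 and Microsoft Defender as the antivirus.
# Thresholds are assumptions, not vendor recommendations.
$MaxPatchAgeDays     = 35   # about one monthly update cycle plus a few days
$MaxSignatureAgeDays = 3
$MaxFullScanAgeDays  = 30
$findings = @()

# 1. Update Windows: when was the most recent update installed?
#    Get-HotFix does not list every update type, so treat this as a rough indicator.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    $findings += 'No installed updates found: run Windows Update.'
} elseif (((Get-Date) - $latest.InstalledOn).Days -gt $MaxPatchAgeDays) {
    $when = $latest.InstalledOn.ToShortDateString()
    $findings += "Last update $($latest.HotFixID) was installed on ${when}: run Windows Update."
}

# 2. Run antivirus: is Defender on, are signatures current, is a full scan recent?
$av = Get-MpComputerStatus
if (-not $av.AntivirusEnabled)          { $findings += 'Microsoft Defender antivirus is disabled.' }
if (-not $av.RealTimeProtectionEnabled) { $findings += 'Real-time protection is turned off.' }
if ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += "Signatures are $($av.AntivirusSignatureAge) days old: run Update-MpSignature."
}
# FullScanEndTime is empty when no full scan has completed on this machine.
if (-not $av.FullScanEndTime -or $av.FullScanAge -gt $MaxFullScanAgeDays) {
    $findings += 'No recent full scan: run Start-MpScan -ScanType FullScan.'
}

# 3. Backups: list USB-attached disks that are still connected.
#    A backup drive left plugged in can be encrypted along with everything else.
foreach ($disk in (Get-Disk | Where-Object { $_.BusType -eq 'USB' })) {
    $findings += "USB disk '$($disk.FriendlyName)' is attached: disconnect it if it holds your backup."
}

if ($findings.Count -eq 0) { 'All three checks passed.' } else { $findings }
```

The script changes nothing on the machine; each finding names the action to take. Network shares and always-on cloud sync folders used for backup are not covered by the USB check and need the same "kept separate" review.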
What to do if you have been infected with ransomware
The National Crime Agency (NCA) encourages anyone who thinks they may have been subject to online fraud to contact Action Fraud at www.actionfraud.police.uk
If as a small business you have been a victim of ransomware and are worried about the infection spreading to other parts of your network, these steps may help guide your actions:
- Immediately disconnect your computer, laptop or tablet from the network. Turn off your Wi-Fi.
- Safely format or replace your disk drives.
- Whilst you’re still disconnected from your network, directly connect this computer to the Internet.
- Install and update the operating system and all other software.
- Install, update, and run antivirus software.
- Reconnect to your network.
- Monitor network traffic and/or run antivirus scans to identify if any infection remains.
Files encrypted by the WannaCry attack have no way of being decrypted by anyone other than the attacker. Don’t waste your time or money on services that are promising to do it.
The NCA encourages industry and the public not to pay the ransom. If you do:
- There is no guarantee that you will get access to your data.
- Your computer will still be infected unless you complete extensive clean-up activities.
- You will be paying criminal groups.