Could Your Backups Survive A Ransomware Attack?

More and more businesses and organizations are getting hit by ransomware demands. It doesn’t matter what industry you are in, hospitals, schools, factories, offices,… are all getting infected and hackers are raking in millions.

Ransomware attacks are devious in their simplicity. A user in a business is tricked into opening a file, usually through a phishing email or download. The file contains malware which then encrypts your data and demands money in exchange for the password to decrypt you data.

All businesses should have a backup and thus should simply be able to restore from their backup if the worst occurs. But this is not always the case.Sometimes the backup  fails for some reason and the data can’t be retrieved. In other instances, the business has a backup that can be restored but it doesn’t include everything they need. So have you tested your backup recently?

Sometime the backup is also caught in the ransomware encryption and becomes useless as a recovery method. This is why it is good to have at least one backup stored offsite and not connected to a computer network.

The only defense is to block the malware before it can infect your network and then continue the protection with a comprehensive backup strategy for all workstations and servers. Give us a call to discuss how we can help secure your business against ransomware today on 08 8326 4364 or support@dpcomputing.com.au.

Should You Pay for a Ransomware Attack?

RansomwareGetting hit with a ransomware attack is not fun, cybercriminals encrypt your data and you are left having to decide: should we pay to get them back? It is a scene that’s played out across the world with 70% of businesses saying “yes” in 2016 alone. Here are six factors to consider if you are ever in this situation.

1) Do you trust them?

Remember that they are criminals holding your data hostage, how confident are you that they will send you the decryption key and that the key will decrypt all your data? The attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if you never hear from them again. You are also equally trapped if they decide to come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is fixed by experts. Businesses don’t exactly want their breach publicised, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

2) Can you manage the impact?

The best case scenario is that you can wipe the affected drives and restore from a clean backup without paying the ransom. You may even decide that the encrypted files aren’t that important and simply let them go and just wipe the infected machine. On the other hand, if your data management comes under any special regulations, like health or legal, you may find that the attack has a much wider impact. The attacker will also motivate you to pay the ransom quickly with a countdown and a threat of total deletion when it hits zero. Remember that if the data isn’t that valuable, or you have confirmed backups, this urgency should have no effect on your plans. T

3) How much do they want?

Cybercriminals rarely send out attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. Different countries or regions are also charged differing amounts. They may be “bad guys”, but they are smart people who know your financial limits. They also consider how much similar businesses have paid previously and expect you to follow suit.

4) Are your backups any good?

Always check your backup to confirm that they are working, that the correct data is being backed up and that you can recover the data from them. Many businesses are discovering too late that their backup systems are not robust enough. Either the backup has become infected too, they weren’t up-to-date or they backed up the wrong data. It is imperative that you at least do some quick backup checks to ensure you can recover all your data in case the unfortunate happens.

5) What are you policies?

Businesses are now adding ransomware to their disaster recovery plans and have predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly and make the best decisions for the business.

6) Stay safe in the first place

Ransomware is not slowing down and all factors say it will increase. As more businesses pay the ransom the cybercriminals are steadily launching new attacks and making it their full-time job. Most of the attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training staff helps, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your inboxes so that triggering a ransomware attack becomes something that happens to other businesses and not yours.

Secure your data systems and check your backups now. If you need help, contact us on 08 8326 4364 or support@dpcomputing.com.au.

Eleven Best Security Practices To Stop Ransomware

Ransomware and most malware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers.To stop these attacks, it is critical that you have a multi layered approach to security.

This starts with a training your employees and patching your devices right through to cloud based malware filters, dedicated hardware firewalls and corporate grade security applications on each device.

The eleven best security practices to apply now are:

  1. Employee training
    Regular training for employees is essential. Employers need to inform their staff on what to look out for and don’t trust the contents of every email they receive.
  2. Patch early, patch often
    The sooner you patch Windows the fewer holes there are for ransomware to exploit.
  3. Backup
    Backup regularly and keep a recent backup copy off-line and off-site. Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.
  4. Implement corporate grade security software
    A free antivirus program might be ok for home use but do you really want a free program protecting your confidential business data and financial information?
  5. Install a firewall or UTM
    You probably don’t just rely on a cheap door lock on the front door of your house so why rely on a basic firewall on the electronic entrance to your business?
  6. Enable cloud based email filtering
    Don’t rely on your local antivirus software detecting and stopping malware within your email application. Block it before it even enters your network by using using a cloud based filter – one that uses multiple filters is even better.
  7. Enable file extensions.
    Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you.
  8. Disable Macros
    Don’t enable macros in document attachments received via email. A lot of infections rely on persuading you to turn macros on, so don’t do it!
  9. Be cautious about unsolicited attachments
    If you aren’t sure – don’t open it. Check with the sender if possible.
  10. Admin Login Rights
    Don’t have more login power than you need. Having administrator rights may bake things easier for administration but they also give malware free ranges on your computer and network. An infection which may be able to be contained to one device could become a network disaster is the malware exploits admin rights.
  11. Keep applications up to date.
    Stay up-to-date with new security features in your business applications
    For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”.