How to really protect against ransomware

At the National Security conference hosted by Massey University, Chris Finlayson warned that cyber attacks were a growing, and very real, threat to governments, companies and individuals.

“Because physical borders are one thing but cyber borders are another, and these sorts of things are happening on a regular basis. We’re all told as private citizens, cover your number when you go to the ATM and things like that.”

“But these sorts of things are becoming more common and the effect on a New Zealand company of a cyber intrusion and what one gets these days – cyber ransoming – is actually a very serious matter.”

Professor Greg Barton, a leading Australian expert on terrorism and countering violent extremism, raised the potential for terrorist groups such as Isis to use cyber attacks to further their aims by causing destruction and gaining finance via ransomware and other types of attacks.

This is an interesting twist on what up to now appears to have been a purely commercial venture by cybercriminals. Whether a terrorist group would encrypt files and not ask for a ransom (to cause destruction) or ask for a ransom (to gain funds), the solution would be the same – clean out the infection and restore from a recent backup.

Whilst ransomware attacks are not new, this is a timely reminder for organisations to make sure they have protection in place.

There are a number of steps that should be taken:

  1. Educate your staff to be aware of cybersecurity risks, and how to spot phishing emails that may download ransomware
  2. Test their awareness by running an exercise to see if they will click on phishing emails (using safe examples)
  3. Ensure you have email filtering in place that blocks common types of attacks
  4. Configure your PCs and Remote Desktop/Citrix servers to only run authorised programs
  5. Upgrade from anti-virus on your PCs and Remote Desktop/Citrix servers to intrusion detection and prevention software. This moves beyond looking for known viruses and will look for suspicious behaviour (such as a program contacting a command and control server in another country) and block it
  6. Ensure that you have a solid backup and restore solution in place and that it is regularly tested (we recommend a test restore every month)

Following these steps will considerably lessen the risk of falling victim to an attack, and the last step will mean that if ransomware does get through, you are only facing disruption rather than a disaster.

If you would like to know more about how we can help with any of the steps above or would like an independent review of your cybersecurity, then please get in touch.