Ransomware: How to Protect Your Business

On Friday, 12 May 2017, a sophisticated and coordinated ransomware attack, appropriately dubbed WannaCry, had us in all in its thrall. Within a few hours, data on 250 000 computers in 150 countries was encrypted and “held hostage” by hackers.

Let’s talk cyber security South in Africa. Ransom amounts, to be paid in untraceable bitcoin, were issued via pop-up messages. The contagion spread like wildfire, from Europe to the UK, USA, South Korea, Japan, China, Australia and even South Africa.

Massive organisations were brought to their knees, and there was little anyone, or anything, could do about it.

Ransomware accounts for billions of dollars in losses

Here at home, banks and insurance companies shut down entire IT infrastructures to mitigate the risk. Employees were sent home, costing the country millions in lost productivity.

Although there has never been a cyber-attack on this scale, ransomware is not a new phenomenon.

Last year, it’s estimated that American businesses lost $1 billion to ransomware attacks, which occurred at an average incidence rate of 4 000 a day.

Malicious attacks at all levels

It’s not just large corporations that are vulnerable to ransomware attacks. Small business’ and even individual users have also fallen prey. For a SME with limited resources, an attack can be especially devastating.

In fact, smaller businesses may be particularly at risk because they invest less time and money in sophisticated data security and backup solutions.

Unfortunately, there’s no guarantee that giving in to attackers’ demands will restore the data that has been hijacked.

Over the past 12 to 18 months, an increasing number of ransomware attacks have ended with users’ files being permanently deleted or scrambled, despite ransom money having been paid over to the attackers.

Security experts have since warned victims not to pay demanded ransom money. Although that may be more easily said than done if data critical to your business is at stake.

How does ransomware work?

Ransomware is malware that infiltrates your computer via vulnerabilities in the operating system, or when you open a malicious email or attachment. Based on the type of malware used to infect the system, your files are either encrypted or your desktop, apps and files are frozen.

In either case, the result is that you can no longer access your data.

The attackers then demand that you pay a sum of money to regain control of your files.

At least in theory, pay the ransom and you’ll be given a decryption key you can use to unlock your files or re-activate your desktop. Fail to pay and your files may be deleted.

A ‘crack’ in Windows let WannaCry in

According to the US National Security Agency (NSA), WannaCry exploited an inherent vulnerability in Microsoft’s Windows operating system. Once the malware had infiltrated one computer, it quickly infected the entire business network.

Although Microsoft patched the security weakness in the latest versions of its operating system, older versions were open to attack. For example, Windows XP and Windows Server 2003.

The software giant has since resolved the issue across its entire Windows suite. Of course, that doesn’t mean attackers won’t find other security vulnerabilities to exploit.

How to protect your business

To protect your business against ransomware, the best bet is to tighten your company’s general defenses against online attacks. This involves investing in cyber security in South Africa:

  • backing up all your data and including at least one copy of the backup offsite
  • installing and updating trusted anti-malware software
  • consistently applying the latest Microsoft security patches
  • automatically scanning incoming and outgoing emails
  • updating all Microsoft Office applications
  • investing in user training about secure online practices and habits.

Almost 60% of malware infections originate from phishing emails or malicious attachments, so user training is an essential aspect of business data security.

Organisations with the lowest ransomware attack rates are those that combine regular user training and simulations with a powerful antivirus infrastructure.

At PM&A Consulting, we provide offsite data backup services and custom cyber security solutions in South Africa, designed specifically to meet the needs of small to medium businesses. Contact us for more information or to discuss the best, most affordable ways to protect your company’s data and systems, from ransomware and other attacks.

PM&A Consulting