Ransomware – a business owner’s guide

Who could forget WannaCry?

The infamous and insanely destructive WannaCry attack that hit globally in May 2017 was one of the most damaging cyberattacks of recent times. WannaCry will go down in history for how rapidly it inflicted damage, taking more than 200,000 PCs hostage in over 150 countries and cashing in over US$140k in Bitcoin.

Ransomware incidents like WannaCry or Petya targeting businesses are not uncommon. Australian businesses are among the top 10 countries impacted by ransomware. The minister assisting the Prime Minister for cyber security, Dan Tehan said: “Small business owners should be proactive about their cyber security in the wake of this ransomware campaign affecting computers around the world.”

What is Ransomware?

Ransomware is a type of computer malware that prevents or limits users from accessing their files or computers by locking or encrypting them. Infected computers often display messages to demand the victim to pay the ransom with the average of about $400.

Ransomware executors started preying on individuals but have since become a huge threat to Businesses as well. Small businesses, large corporations and government agencies were among the victims who gave in to ransom demands. But there’s no guarantee that you can get back access to your files or computers even if you do pay the ransom.

How did I get infected?

The most common source of computer infection is through spam emails such as malicious advertisements or scams purporting to be from legitimate organisations such as Australia Post, a bank or a utility provider. They can trick people into downloading malware attachments or linking to a malicious website that looks just like a legitimate site.

An emerging trend now is for some ransomware to also contain worm-like capabilities and spread across networks to other systems including mobile devices. It won’t be long before new forms of ransomware deadlier than WannaCry and Petya appears.

Layers of defence against Ransomware

1.The first defensive layer is timely software patching and comprehensive backup routines. Latest version software gets security updates sooner, and one should turn on automatic update functions such as “Windows Update” or “Automatically check for updates” on Mac.

The smaller the window of opportunity for cybercriminals, the less likelihood of being affected. Backup to offline storage such as portable hard-drive and network attached storage regularly can isolate and contain infection propagation from affecting important files.

2.The next layer is anti-ransomware technologies like anti-virus software and unified threat or security management (UTM/USM) devices. They can offer protections such as firewall, intrusion prevention, gateway anti-virus/anti-spam, content filtering and VPN or Virtual Private Network.

Vendors specialising in cyber security can provide timely signature database update against latest threats.

3.Human is the last and most important layer. Proper training and staff awareness  are essential. All technologies can only function to their full potential with professionally trained people. After all, you wouldn’t want your front door kept open even though you have the best alarm and surveillance systems installed at home.

Final advice

This latest attack is a wake-up call to businesses that defending against cyberattacks isn’t just about spending money on some flashing boxes and allocating the minimum budget

possible to security. Business owners need to be proactive with the layers of defence in order to protect their business and employees against ransomware threats.

Eric Tong is the owner of First Class Accounts Epping and Wisepro.net.au.

Leave a Reply