Ransomware is a type of malicious software (malware) that infects a computer, stealing sensitive data and restricting access until the user pays a ransom. Ransomware is increasingly used by cybercriminals to extort money from organisations, with finance and healthcare among the most targeted sectors.
In 2017, a ransomware attack saw 80 out of 236 NHS trusts in England compromised. The software, known as WannaCry, cost the NHS £92 million in lost output and IT expenses, according to a government report. In August 2022, a new ransomware attack on a supplier targeted patients’ data and disrupted key NHS services, including ambulance dispatch.
These attacks can have significant consequences for organisations, from reputational damage to endangering people’s lives in the case of disruptions to NHS services. This insight illustrates how to protect your business from ransomware attacks and patch vulnerabilities.
What makes your business vulnerable to ransomware?
There is no way to completely protect your organisation from ransomware, but identifying internal vulnerabilities is an essential starting point. This section explores a few of the most common factors of vulnerability to a ransomware attack:
Many ransomware attacks start from email attachments which, once opened, infect the device and steal information. As well as using email monitoring and filtering solutions, make sure to implement cyber security training for employees to prevent phishing emails from spreading.
Unpatched operating systems
Ransomware attacks like WannaCry in 2017 exploit vulnerabilities in the system to gain access to sensitive data. Patching vulnerabilities as soon as they are found is crucial and is best achieved using an automated patch management solution. Not patching or updating operating systems regularly leaves your business vulnerable to frequent attacks.
With remote working being standard practice in most organisations, Remote Desktop Protocols (RDPs) have quickly become one of the most popular attack vectors for ransomware. Microsoft’s proprietary RDP allows employees to remotely access applications and files within their organisation’s server.
Hackers can scan and identify vulnerable RDP ports through the internet to access the network, disable security systems, and install malicious software. Regular and automated network scanning is a great tool to prevent these occurrences.
Events matching a threshold condition
If your organisation does not have monitoring tools for failed login attempts or other suspicious activity, it may be at an increased risk of a ransomware attack. Real-time auditing solutions are useful to set a threshold condition beyond which the system will send alerts for a potential attack.
While this will not necessarily stop a ransomware attack from occurring, it will prevent it from spreading across your business. A Security Operations Centre (SOC) is an essential solution to achieve ransomware prevention, which we will explore in more detail in the next section.
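The threshold condition described above, as an added example that is not part of the original article: a sliding-window detector that raises one alert when a single source reaches a set number of failed logons inside a time window. The log line layout, the threshold of 5 and the 2-minute window are assumptions for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed layout per line:
# ISO timestamp, Windows Security event ID, account name, source IP.
SAMPLE_LOG = """\
2024-03-01T09:00:05 4625 alice 203.0.113.7
2024-03-01T09:00:20 4625 admin 203.0.113.7
2024-03-01T09:00:41 4625 admin 203.0.113.7
2024-03-01T09:01:02 4625 backup 203.0.113.7
2024-03-01T09:01:30 4625 admin 203.0.113.7
2024-03-01T09:02:10 4624 bob 198.51.100.4
2024-03-01T09:05:00 4625 bob 198.51.100.4
2024-03-01T09:40:00 4625 bob 198.51.100.4
2024-03-01T09:50:00 4625 admin 203.0.113.7
"""

FAILED_LOGON = "4625"  # 4624 (successful logon) is ignored by the detector

def parse(line):
    """Split one constructed log line into (timestamp, event_id, user, source)."""
    ts, event_id, user, src = line.split()
    return datetime.fromisoformat(ts), event_id, user, src

def detect(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per burst: a source reaching `threshold` failures within `window`."""
    recent = defaultdict(deque)   # source -> timestamps of failures inside the window
    alerting = set()              # sources currently at or above the threshold
    alerts = []
    for line in log_text.splitlines():
        ts, event_id, _user, src = parse(line)
        if event_id != FAILED_LOGON:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:         # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            if src not in alerting:       # alert once per burst, not per event
                alerting.add(src)
                alerts.append({"source": src, "time": ts, "failures": len(q)})
        else:
            alerting.discard(src)         # burst is over; re-arm for this source
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a['time'].isoformat()} {a['source']}: {a['failures']} failed logons")
```

Alerting once per burst rather than on every event past the threshold keeps a sustained password-guessing run from flooding the analyst queue.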
5 steps to ransomware prevention
Once you have identified what could make your business vulnerable to ransomware, you should follow five steps to effectively prevent attacks, adopting a defence-in-depth approach. This means implementing several layers of defence to increase the chances of detecting ransomware before it spreads. While defence and mitigation strategies should be discussed as part of a business-wide cyber security strategy, here are the five steps to start:
1. Implement a Security Operations Centre (SOC)
A SOC is a hub for security management which allows for 24/7 automated threat monitoring and network scanning, among other functions. It is an essential tool for organisations in the digital age, protecting key assets and services.
2. Ensure data is backed up regularly
Backups are the most effective way to protect your data and get it back quickly in case of an attack. Ensure regular data backups and separate backup locations (cloud or on-premises) that are not part of your network, in case hackers target the entire network.
3. Prevent ransomware from entering and spreading across your business
You can reduce the likelihood of ransomware entering and spreading in your organisation by filtering and inspecting content, monitoring emails, implementing multi-factor authentication (MFA) on all devices, and using safe browsing lists within your web browsers.
4. Prevent ransomware from running on devices
A defence-in-depth approach is based on the assumption that ransomware will reach your devices, and you should therefore take steps to prevent it from running. This includes adopting device-specific measures depending on operating systems, such as centrally managed devices, keeping antivirus software up to date, and preventing non-essential applications from running automatically.
5. Prepare for a ransomware attack
As well as making it difficult, if not impossible, to get your data back, ransomware attacks cause significant financial and reputational damage, affecting your clients’ trust. This is why it is important to have a strategy for an attack. Your strategy should include:
- Communication with your stakeholders when an attack happens
- How you will handle the ransom demand
- Your legal obligations for incident reporting
- How long it should take to restore devices and virtual environments
- Processes to restore backups and servers
- How to keep running critical services during an attack.
Finally, organisations should keep in mind that paying the ransom is not recommended. Even when the ransom is paid, there is no guarantee that data will be restored; devices will still be infected, and your organisation is more likely to become a frequent target.
Prevent a ransomware attack
Ransomware attacks are a severe threat facing organisations across all sectors. Prevention is fundamental to protecting critical business assets and services. As a certified IT managed services provider, ROCK offers a range of cyber security services to help you protect your business, from cyber security strategy development to audits and a full SOC-as-a-service.