05 Jul Business Ransomware Attacks: What steps should businesses take for ransomware protection?
Ransomware remains on the rise in South Africa as cybercriminals turn to increasingly savvy and tougher-to-prevent means of monetising cyber attacks. For businesses that fall victim to ransomware attacks, the consequences can be devastating: ransomware that lands in some shared locations within a network can paralyse an organisation’s operations. Becoming savvier about preventing and defending against such attacks is therefore vital for every business, not just major enterprises but businesses of all sizes.
In light of these developments, ESET offers the following recommendations to keep your business secure from ransomware attacks.
How Does Ransomware Work?
In many cases, ransomware attacks follow a series of similar tactics when affecting businesses:
Phase 1: Gain access. Attackers scan the internet for vulnerable servers, often attacking weak passwords on servers that expose the Microsoft Remote Desktop Protocol (RDP) service to the internet. These operations are usually not targeted against one organisation; they cast a wide net.
Phase 2: Observe. Attackers explore the network surrounding the hacked server and move laterally in the environment to understand where they are and what resources can be compromised (databases, email servers, file servers, etc.).
Phase 3: Attack. The attackers deploy ransomware on all the relevant compromised assets at the same time and demand a ransom that can be adjusted based on the type of organisation they attacked. The larger the organisation, the higher the ransom.
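Phase 1 leaves a recognisable trace in Windows logon events: a burst of failed remote logons from one address, sometimes followed by a success. The following is an added example, not ESET's code or part of the original article, showing that detection in Python; the space-separated log layout and the sample events are constructed for illustration, while event IDs 4625/4624 and logon types 3 and 10 are the standard Windows values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed export layout, not a real log format):
# "timestamp event_id logon_type source_ip account".
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP), type 3 = Network (RDP with NLA).
SAMPLE_EVENTS = """\
2024-07-05T02:00:01 4625 3 203.0.113.7 administrator
2024-07-05T02:00:09 4625 3 203.0.113.7 admin
2024-07-05T02:00:17 4625 3 203.0.113.7 backup
2024-07-05T02:00:25 4625 3 203.0.113.7 backup
2024-07-05T02:00:33 4625 3 203.0.113.7 backup
2024-07-05T02:00:41 4624 10 203.0.113.7 backup
2024-07-05T08:15:00 4625 10 198.51.100.20 alice
2024-07-05T08:15:20 4624 10 198.51.100.20 alice
"""

RDP_LOGON_TYPES = {"3", "10"}


def detect_rdp_guessing(text, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed remote logons inside a
    sliding window, and record the account of any later success."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, logon_type, ip, account = line.split()
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        ts = datetime.fromisoformat(stamp)
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "success_account": None})
                hit["failures"] = max(hit["failures"], len(recent))
        elif event_id == "4624" and ip in findings:
            # A success after a flagged burst suggests a guessed password.
            findings[ip]["success_account"] = findings[ip]["success_account"] or account
    return findings
```

A finding with a non-empty `success_account` is the one to escalate first, since it marks the point where Phase 1 may have succeeded and Phase 2 could begin.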
What Should Companies Do to Stay Secure?
ESET recommends a few easy steps to stay secure from ransomware attacks:
Secure any management services on servers exposed to the outside world. Use a virtual private network (VPN), which secures your web traffic and is especially important for remote workers who may be using public WiFi networks. Enable two-factor authentication, an extra layer of security that not only requires a password (which may have been compromised), but also another identifier (such as a unique code generated on your mobile device). Lastly, we recommend running multilayered endpoint protection wherever possible to protect your devices.
Keep offline backups. This is the only sure way to mitigate a ransomware infection.
Do not pay any ransom. ESET never recommends paying a ransom because there is no guarantee your files will be returned to you or that the malware will be removed. Careful analysis of the ransomware must be done to determine whether or not the data can be technically recovered. Some ransomware has poor cryptography implementations, allowing decryption with specialised tools. However, in other cases, ransomware attacks are built so that even the attacker is not able to decrypt the files, regardless of a ransom being paid or not.
Next, get the latest updates on ransomware and how to best protect your business from this increasingly common threat. ESET has cleaning tools, including some ransomware decryptors, available to help you find and repair the damage inflicted in the latest attacks.