WannaCry, Petya, Bad Rabbit, LokiBot, Cerber. These aren’t online gaming screen names for a 12-year-old on the other side of the country. In fact, if these names come across your computer, you have a lot more to worry about than getting owned in Overwatch.
Ransomware attacks like WannaCry and Petya cost some companies hundreds of millions of pounds in 2017. The WannaCry attack alone infected more than 200,000 systems in 150 countries within the first day. Bad Rabbit might sound like a funny name, but ransomware isn’t anything to laugh about.
Ransomware is software that encrypts data on a victim’s system or network and threatens to release or permanently block access to the data if a ransom isn’t paid. Many businesses have been willing to pay, but that is a serious mistake. Paying the criminals doesn’t guarantee they will actually remove the ransomware, and it lets them know that you’re willing to pay, making you an attractive repeat target.
The reason many businesses pay the ransom is because they still lag behind on measures to protect themselves. Here are some ways your business could be at risk during the next big ransomware attack.
Unsecured connected devices
Smart lights, smart thermostats, smart plugs – almost everything can be smart these days, bringing connectivity and improved efficiency to many areas of your office space. The Internet of Things can lead to some amazing conveniences and insights, but poor default security settings can leave your business open to a cyberattack.
Connected devices that aren’t properly maintained, patched and updated can be an open door for hackers. Your typical security measures won’t be enough if a hacker can waltz into your network via an unsecured device. Using botnets to find connected devices with weak default passwords, hackers can use a simple brute force attack to access your devices and network and deploy ransomware. Make sure all of your connected devices have secure passwords and get routine patches.
Outdated hardware and software
Think about the oldest piece of tech in your office that’s still used regularly. Is it an old desktop computer with a CRT-style monitor? Probably not. But that’s what you think of when somebody mentions old and vulnerable hardware, right? The reality is that high-tech tablets and laptops that are only a few years old could be similarly as at risk if they’re no longer supported by the manufacturer or you don’t maintain patches.
Outdated hardware and software make for some of the easiest ransomware targets. In fact, the WannaCry attack was so successful because it targeted older Microsoft systems that were no longer being patched. As systems age, vendors stop supporting them with patches and security updates, leaving hackers time to find vulnerabilities.
The National Cyber Security Centre recommends keeping your hardware and software as up to date as possible with patches, but that becomes increasingly difficult as hardware ages. Don’t be left vulnerable. Make sure your systems receive current patches and consider using a service to maintain components that have reached end of life.
Poorly maintained, unsecure backups
Backups are seen as the great equaliser in the battle against ransomware since a full restoration from backup would help you avoid paying a ransom. However, some strains of ransomware can specifically target backups, especially if they are stored on a network file server that is running the same operating system as your primary network. Backups that aren’t performed frequently enough can also mean days’ to weeks’ worth of data being lost during the recovery process.
All backups should be performed to a different operating environment than what your primary network uses to prevent ransomware from affecting both instantly. These backups should also be maintained on a regular basis – hourly if possible – to further protect your business from having to pay ransoms. Even one day’s data could be critical to your business.
Sometimes people have the best intentions – and still make very serious mistakes. An impatient employee might install a less-than-reputable cloud app onto a system because your IT department doesn’t respond fast enough. Or that IT department could be overworked and leave vulnerabilities in place while installing new software.
Human errors are one of the leading causes of major data breaches. According to a study by the UK government, half of the companies polled said their worst data breaches in the previous year were caused by inadvertent human error. In 2016, almost 14 per cent of breaches were caused by human errors. Just like unpatched software and poorly secured devices, problems caused by your own employees can leave you vulnerable to ransomware and breaches.
Everybody makes mistakes, so what can you do? Double checking work and having strong security processes in place can help, but you should still prepare for the possibility that you will be infected. Maintain current backups on all of your systems so you can recover from an attack without paying the ransom.
Have you experienced a ransomware attack? What was the root cause? How did you recover?