How to protect your business from ransomware

Posted by - Angus Robinson on the 27th November 2017

Ransomware is on the rise, targeting both small and large businesses across the world. The most recent being the huge hit on the NHS. According to Computer Weekly, ransomware is now the top threat to businesses, causing massive devastation through highly sophisticated hacking and infiltration. The BBC have reported the alarming frequency with which it is attacking businesses. Unfortunately, there is no way to stop an attack once it has started and you can’t prevent it from happening again. However, there are precautions you can take and ways to minimise the damage, which could save you a lot of time and effort in the future.

What is it?

Ransomware such as Cryptolocker is extremely damaging and yet near impossible to catch as they are not actually a virus. Cryptolocker comes in the form of an attachment that when opened, will gradually work through all the files on your computer and shared drives and encrypt every single one individually. This stops you accessing any of your files as an unknown password is required.

Attachments are usually sent to generic email addresses for your company such as sales@, info@ or accounts@, as these are more likely to receive attachments and arouse less suspicion. Accounts emails will be receiving documents like invoices every day, so an external attachments generally raise no alarms. Once the file is opened and in your machine it gradually works through the files. A few days later, you’ll receive a ransom email offering the password to access your files in exchange for tens of thousands of pounds. Although a significant amount of money, it is not a scam asking for millions – hence why small businesses are often the target.

Why is it so bad?

As previously mentioned, this kind of ransomware works slowly. Encryption of your files doesn’t happen instantaneously, meaning it can take days for you to notice that something has gone wrong. Obviously the longer it takes to realise, the more files you become locked out of. These kind of attacks are so sophisticated that it is near impossible to find the original file attachment that caused the damage, so simply deleting the file isn’t a quick solution.

As ransomware works on shared files as well as ones stored on your desktop, the attacking software is not contained to a single machine. It moves across machines and devices potentially affecting your entire operation company wide.

Obviously, the effect of being locked out of all your files is that no work can be done. Business ceases for the time it takes to resolve the issue causing potential revenue losses as well as a huge IT headache. Many businesses deal with sensitive customer data which has now become vulnerable to the hands of the attackers, a big concern for data protection.

What can I do to stop it?

Backups, backups and more backups! These should be done at least once every 24 hours. Once the ransomware file is in, it’s in. It’s near impossible to find and remove. So one of the only ways to return to normal is to restore your backups to before the file was installed. As ransomware works gradually this can be frustrating as you may need to back up to days or even weeks previously. This means that all the work done in that time will need to be redone. Although hugely frustrating, that is a much better option than being locked out for good or starting from scratch!

Prevention is better than any cure. As a small business, it is your responsibility to warn staff to deal with their emails responsibly. Never, ever open an attachment from a sender who you’re not familiar with. If in doubt, consult your IT company and they can scan the file to check if it’s safe or not.

On that subject, make sure you have a reputable IT company that deals with the maintenance and security of your systems. If something goes wrong, they’ll be the ones to fix it for you and it is well worth a little investment to make sure a ransomware or virus attack doesn’t completely damage your business.

An option that many businesses do, is to pay the ransom and receive the password to unlock the files. In most cases, the password is provided in exchange for the money but it’s not guaranteed. However, not only is this seriously damaging to your finances, but it also lets the attackers win making you a vulnerable target.

Although these kind of attacks can seem scary, they can be dealt with efficiently if the right precautions are taken. Small businesses are an increasing target so remember:

• Backup your files
• Do not open any attachments from senders you do not trust
• Invest in a good IT support company

For more information on these kind of attacks, visit here.