Tips to tackling Ransomware

What can i do

In a previous blog I looked at the increase of ransomware cyber-attacks, especially in the public sector. This time I want to look at some of the ways you can tackle the problem.

Ransomware has become a profitable business with the use of franchised software and sophisticated support functions. With the targets moving from individuals to more profitable organisations it is clear that attacks on the public sector will continue to increase. There is a lot that companies and public sector bodies can do to reduce the possibility of a successful attack and mitigate the effect. A significant amount of this can be achieved through following good cyber security guidelines of the sort that colleagues have recommended, see our blog post ‘Your new cyber security team’. These are also laid out by the Irish National Cyber Security Centre document Cyber security 12 step guide

However, there are some parts of the good practice that are particularly relevant to ransomware prevention. The UK Government National Cyber Security Centre, undertaking a similar role and function to its Irish counterpart, has issued guidance on their pages ‘Protecting your organisation for ransomware’ and like so many things it comes down to doing the simple things right:

  1. Make sure all your staff know how to deal with email phishing, basically ignoring anything that looks suspicious. 39% of ransomware is introduced through email phishing.
  2. Keep your systems up to date, especially with security patches. Software vulnerability accounts for some 8% of attacks
  3. Configure your systems using best practice guidelines from the software and hardware makers. 50% of attacks are through vulnerable Remote Desktop Protocol (RDP) ports that allow remote access to systems. Once exposed details of addresses for these systems will frequently be sold to other attackers.

What we recommend

In addition to both NCSCs’ information there are also some best practice guidelines that we would recommend. These are based on our extensive work helping clients with cyber security and business continuity, even on some occasions when they are recovering from a ransomware cyber-attack. They may seem quite obvious but are easily missed since everyone assumes that someone else has it under control. Our top pointers are:

  1. Make sure that you have a planned back-up strategy for your services, including regularly isolating the back-up from the main network to prevent any virus spreading to your back-up. In this way you can recover to an unaffected set of data should it be necessary. This includes cloud-based Software as a Service, you still have shared responsibility, and the cloud vendor may not be making as many back-ups as you think.
  2. Have a business continuity plan (BCP) that identifies the priority of services and how you would recover them in the correct order. To do this you need to think about your systems and how much they are used. This needs to include office automation such as email and instant messaging as well as the line of business systems. Many organisations would struggle without services such as Microsoft Teams and email more than some of the Line of Business systems.
  3. Test the back-ups and BCP regularly. This will help identify changes in priority or systems that mean changes to the BCP as much as making sure everyone knows what to do and in what order.
  4. On the technical side then segregating networks so that any successful attack can be more easily contained needs to be part of the configuration management.

Gemserv have specialists in all areas of cyber security and business continuity planning that can help design an approach to reduce the chances of an organisation falling victim to a ransomware attack as well as mitigate the overall impact of any attack. If you want to find out more simply fill out the form below and one of our specialists will be in contact.

Share this...

Share on email
Share on twitter
Share on linkedin
Share on facebook

Find out

More

Every day our teams of experts are analysing information like this, providing high-level need to know reports for our clients so they can continue to stay ahead and lead their industries.

Get an unfair advantage – subscribe to our mailing list by filling out the form opposite. You can find out how we look after your data in our Data Policy.

About the Authors