Ransomware is one of the top security concerns Australian businesses face today. But what is it? What damage can it cause? And how can businesses stay protected?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Once a network is infected, all files and data are essentially blocked, with a set payment the only way to regain access. The implications – financial, operational and reputational – can be devastating for small businesses.
The latest major ransomware attack to hit Australia impacted over 10,000 businesses and consumers. In case you missed the headlines, cyber-criminals posing as energy company AGL sent a scam email to businesses and consumers asking them to pay an overdue energy bill. When individuals clicked through to make a payment, they instead downloaded hidden ransomware, which proceeded to lock their computer and demand an $800 payment.
The threat of ransomware will continue to evolve and grow, with 390,000 new malware variants currently being released each day. However, there are simple steps you can take to ensure your business has the greatest level of protection in place:
Having endpoint security that prevents malware infections in the first place is vital. Look for a security solution that protects web browsing, controls outbound traffic, protects system settings, proactively stops phishing attacks, and continuously monitors individual endpoints.
If your systems become infected with ransomware, the only recourse is to recover data and minimise business downtime. There are now many automated on-premises and cloud-based backup and continuity solutions that will back up data and create an air gap to stop ransomware from infecting networked drives. They can help ensure minimal downtime with businesses able to quickly return to normal.
Lots of ransomware variants infect systems using macros. Macros can easily be disabled in the Trust Centre of every version of Microsoft® Office. It is also possible to enable individual macros, should they be needed for a particular task.
While autorun is a useful feature, it is often used by malware to propagate. For instance, malware on USB sticks uses autorun to proliferate, and it is commonly used by Visual Basic Script (VBS) malware and worms. The best policy is to disable autorun.
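To check that the macro and autorun settings above are actually enforced, the following added example (not part of the original article) audits a registry export for them. It assumes the policy values `NoDriveTypeAutoRun` and `VBAWarnings`, the Office 16.0 policy path, and text produced by `reg export`; the sample data is constructed.

```python
import re

# Constructed sample in .reg export format (as produced by `reg export`);
# not taken from a real machine.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000004

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security]
"VBAWarnings"=dword:00000001
"""

OFFICE_APPS = ("Word", "Excel", "PowerPoint")
EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# Assumption: Office 2016/2019/365 (policy version key 16.0).
OFFICE = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\{}\Security"

def parse_reg(text):
    """Return {(key_path_lower, value_name_lower): int} for every dword value."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        else:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m and key:
                values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return a list of findings; an empty list means both controls are set."""
    values, findings = parse_reg(text), []
    autorun = values.get((EXPLORER.lower(), "nodrivetypeautorun"))
    if autorun != 0xFF:  # 0xFF disables AutoRun on every drive type
        findings.append(f"AutoRun not disabled on all drives (value={autorun})")
    for app in OFFICE_APPS:
        level = values.get((OFFICE.format(app).lower(), "vbawarnings"))
        # 3 = only digitally signed macros run, 4 = all macros disabled
        if level not in (3, 4):
            findings.append(f"{app}: macros not restricted by policy (value={level})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print("FINDING:", finding)
```

A value of `None` in a finding means the policy is not configured at all, which leaves the setting to each user's Trust Centre choice.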
Windows creates local copies of files using the Volume Shadow Copy Service (VSS), which provides the backup infrastructure for Windows operating systems, as well as the ability to create consistent copies of a user’s data. Ransomware will encrypt this area because it holds VSS copies for the local drive. Using Windows Policies to block access to the service helps stop ransomware from erasing local drive file backups. Any attempt to access or stop the service will result in a block.
As always with security, users are often the weakest link. Malware will continue to thrive and be a viable business as long as staff are unaware of, and uneducated about, the risks of the internet.
Daniel Slattery, Senior Threat Analyst, Webroot Australia