The use of technological devices has increased on a global scale. As a result, one of the fastest growing online crimes, ransomware, has become a large threat to businesses and their data. After locking you out of your systems, a hacker will proceed to hold your data for ransom before allowing access once again.
In the event of a data leak, you may lose your data. BUT, you could also lose your client base and reputation as well. Businesses need to ensure they can identify the signs that indicate you are under a ransomware attack. This is vital to protect your business and safeguard your data.
If you can stop an attack early on, you have more chances of recovering data more quickly and limiting the damage. Is your business under attack?
Here are some signs you should look out for:
Look for unexpected software
One method used by hackers is taking control of your system through certain software tools. Software auditing tools, such as Qualys, can give you an up-to-date inventory of the software you have installed. You can then compare this against your approved list of applications to quickly see if anything has been added without your approval.
Whether malicious software can take control of a PC directly or steal passwords and log in credentials, using a network scanner is imperative. This helps to identify exactly who and what is running the unexpected software.
Identifying whether cybercriminals are attempting to infiltrate your network early on may prevent the ransomware attack from happening. This will limit the harm to your business and its data. Contact your IT support partner if you notice software present that your IT provider hasn’t installed. This could be a sign of a bigger problem. Having awareness of what should be installed versus what shouldn’t be will go a long way.
Most ransomware is run as a script, which runs in memory as such, so you wouldn’t find it as part of your installed programmes. More recent large attacks have been focused on those companies such as IT providers, Solarwinds & Kaseya for example. These provide legitimate monitoring tools that sit on the machines of end user’s machines to help monitor and mange them. These installed agents have been compromised and allowed thousand of machines to fall victim to ransomware.
Ransomware often attacks begin with a phishing campaign. This is when a legitimate looking email is sent to your business. Although they do not look suspicious, they have been embedded with malicious links or attachments. It is best practice to stay informed about the different phishing techniques that are currently in use to reduce the risk of falling victim to the crime.
These emails tend to have a sense of urgency around them. They may encourage the reader to forgo the usual safety checks. They may appear to come from a colleague that needs help. This is what makes them so dangerous: they tend to prey on these human traits, compassion, and greed.
You may wish to undertake security awareness training and simulated phishing to gain even more knowledge on the topic. SupPortal can offer suitable training to help with this. This will help you spot the signs of ransomware immediately. One of the best things you can do is think before you click! Clicking on random links that appear in junk emails can easily be avoided. Take a moment to look properly at the email, who it has come from. Then apply what you know about phishing to avoid falling into the trap. Then take the appropriate steps to get rid of the email.
Monitoring incoming and outgoing network traffic will also significantly reduce the risk of being hacked. These firewalls monitor and filter the traffic and act as a barrier between your computer, and outside intruders. With two different kinds: a desktop firewall which is a type of software and a network firewall that is a separate hardware device, you are drastically reducing the odds of both hackers and phishers infiltrating your business’s important data.
Verify a site’s security
When disclosure of sensitive financial information is necessary and you are feeling a little wary as to whether you are amid a ransomware attack, make sure you confirm the site’s URL. It should begin with ‘https’ and you should see a closed lock icon near the address bar to show the site has an SSL certificate. If you receive a message claiming the website may contain malicious files, do not proceed!
You can also use the web browsers ‘smart screen’ filter can help to highlight dangerous sites. Ensure you are extremely thorough when it comes to checking the validity of a website and don’t submit your financial information straight away. Being cautious and aware of suspicious content within an email or a site will help you take a step back from the situation and identify any malicious activity straight away.
Using a safe DNS provider, such as OpenDNS powered by Cisco Umbrella, can keep you away from malicious sites. Ensure you have anti-malware software actively scanning webpages as you browse them.
Have you noticed any open RDP links?
An RDP link, also known as remote desktop protocol, is one of the ways cyber criminals can gain access into your network. With remote working on the rise, this can become a very real threat for businesses. Avoid using RDP to directly connect your business machines over the internet. You should only use RDP in combination with a VPN (virtual private network). Should you use them, your IT service provider can ensure your RDP links are closed off by scanning regularly.
Who are your administrators?
Your administrators have the authority and power to authorise applications for download to your network. Keep an eye on what your administrators have changed as cyber criminals can disguise themselves and download apps without you even realising. It is important to note that these tools can also be used by an IT service provider. So, keep up to date with your administrators, and if you’re ever unsure of unfamiliar software, just ask!
It is also important that logins or passwords are not shared, especially for admin accounts. This will make it easier to pinpoint any potential breaches connected to individual logins. Maintain a list of who has admin access and regularly check this against the system. This will ensure you can identify any additions that may have been added. This is part of the guidance given to those undertaking Cyber Essential Certification.
Has anything been disabled?
It can be hard to identify whether your systems have been disabled if you don’t know what to look out for. By completing cybercrime training, users will be more aware of what to look out for in the event of a ransomware attack, and what to do next.
Nobody wants to fall victim to a ransomware attack, especially when they own a business that handles both important and sensitive data. Not every malicious attack has to become a cautionary tale, so follow these crucial tips today and protect your business from harm. If you need further advice about how to protect your business from cybercrime, get in touch with SupPortal today.