Mere months after WannaCry spread mercilessly across the world and affected hundreds of thousands of computers – including the systems of the NHS, FedEx, and Renault – a new malware called NotPetya has emerged. But, like WannaCry, NotPetya is not overly concerned with stealing personal details, as much malware is. Instead, it simply locks users out of their computers until they pay to regain access. As such, this type of malware is called ransomware, and it stands to define the current era of hacking.
With two significant attacks at the hands of two separate strains of ransomware happening this year alone, we know ransomware is to be taken seriously. But, what exactly is ransomware? Is your business at risk? And, importantly, what can you do to stop this form of malware? Burning questions all, which we will now answer in our short guide to ransomware.
What Is Ransomware?
To begin with, let’s clarify the type of threat that we are dealing with. As mentioned, ransomware is a type of malware that gains access to your computer and then encrypts your files, essentially denying you access to everything you have stored on that computer. The software then gives you the chance to regain this access. In order to do this, you have to pay a certain amount of money. In the case of WannaCry and NotPetya, this amount was payable via bitcoin.
But, how does ransomware work?
In order for the malicious software to work as intended, it needs to be installed on your computer. This means it has to be downloaded by you. But, as you might imagine, you probably won’t know that you are downloading it.
Hackers disguise malware as other software or hide it in links. And, it just needs to be downloaded by one computer on the network. But, once it has been downloaded, ransomware is able to take root and begin encrypting all of the files to which it now has access.
Are You at Risk of Ransomware?
Many small businesses think they aren’t at risk of malicious attacks based on their relative anonymity. After all, what would a hacker want with a small business that has only a fraction of the budget of a larger corporation? But, the truth is that many ransomware attacks are not specifically targeted. Hackers simply put their code out and wait to see what it can do.
Sadly, small businesses often fall prey to ransomware simply because they don’t have the security budget and measures that are available to large companies. Sadly, many hackers see small businesses as stragglers from the herd; easy prey.
How to Protect Your Business from Ransomware
While small businesses are just as much at risk of ransomware, there are still many methods that they can use to defend against it. The following are a few tips for protecting your business against ransomware attacks:
1. Enlist Professional Security Services
Bringing in professional IT support is the best way to protect your company against ransomware. Not only can they create the best defences to mitigate the risk of attack in the present, but they can create a disaster recovery plan that will give your business some options in the event of a ransomware attack in the future. Moreover, security services keep abreast of current changes in the hacking environment and adjust their approach to accommodate these changes, ensuring that your business maintains its best possible defence at all times.
2. Utilise a Good Anti-Virus Package
There are a few dedicated anti-malware packages on the market today, but opting for these means that you will be ignoring other types of infections, like viruses. So, unless you’re happy to purchase dedicated protection for each type of threat, you are better off opting for all-inclusive security software. Fortunately, there is some great security software available.
Known and trusted anti-virus programs like AVG, Norton, Kaspersky, and Avast! are excellent examples, and MalwareBytes is a great dedicated product.
3. Back Up Your Files
Ransomware is not so devastating if you don’t actually lose any valuable data. And, it is possible to ensure that you maintain access to your files by backing them up and keeping them on storage devices disconnected from your network. Fortunately, as a small business, you likely don’t have as much data as large corporations so this is easier to achieve.
Two obvious options would be USB flash drives and external hard drives. The capacity on the former is expanding quite rapidly, so this might be a good option if your business doesn’t generate a large amount of data. Though expensive, Kingston offers a 2TB flash drive. But, it is possible to find much more affordable flash drive options in the range of around 64 to 128 GB. As for the latter, it is possible to find affordable external hard drives with decent storage capacities.
4. Update Regularly
WannaCry was actually developed due to a flaw in the Windows operating system. Microsoft discovered the flaw and issued a patch for it before the ransomware was even released. But, because so many Windows users don’t stay current with their updates, they were still using the vulnerable version of the operating system when WannaCry was released.
For this reason, it is vital that you keep everything up to date. If you can, turn on automatic updates for your operating system, apps, programs, and, of course, your security software.
5. Practice Caution Online
Tell all of your staff to be very careful about what they do online. For starters, ensure that all of your employees only open attachments in emails that they were expecting, and from senders who they recognise. Also, tell them not to click on every link that they receive (it is possible to preview linked URLs on desktop by hovering over them). Finally, have your employees stay away from sites that are known to offer questionable content, and not be drawn in by free content downloads.
Protect Your Small Business from Ransomware
We now live in a world where the threat of cyber-crime is both very real and highly menacing. But, it is possible to take steps toward keeping this threat at bay. Through the combined efforts of professional security services, security software, and a concerted effort to maintain safe online practices, you can greatly limit the chances of your business falling prey to ransomware.