
How to stay one step ahead of the hackers!

Ransomware attacks - where hackers gain control of IT systems or data and then demand payment to unlock them again - are soaring and, worryingly, that is because companies are all too willing to pay up.

According to recent figures:

  • 54% of UK businesses have experienced a ransomware attack. A fifth of companies were charged $10,000 to get their systems back while 3% were hit with ransoms of over $50,000.
  • A fifth of companies were charged relatively low demands of $500 which made them more likely to pay up, ironically placing them at further risk in future.
  • In one week alone, over 14 million emails containing Locky ransomware were sent to potential victims. Hackers are said to adopt a 'spray and pray' approach.

Malware (such as Cryptolocker, Cryptowall, and so on) is sent via phishing emails. When the recipient clicks on a link, the information on their computer is encrypted, effectively locking them out until the ransom is paid.

Follow these steps to help reduce the risk of ransomware attacks:
  1. Be vigilant when dealing with unsolicited emails - Most malware is sent via phishing emails so don't click on any links in unsolicited emails, no matter how genuine they may seem to be.
  2. Comply with your company's backup policies and schedules - Back up any files and data you use regularly, ideally to an offline storage device. You will be better protected from the fallout of ransomware attacks if you have backup files and data to restore to your system, but make sure that any backup data is stored securely offline so it is usable and doesn't get encrypted too.
  3. Adopt a 'layered approach' to security - Be sure to make full use of anti-virus, firewalls and web filters to help minimise the risk of ransomware attacks.
  4. Keep your anti-virus software up-to-date - Hackers often exploit known vulnerabilities so be sure to always download patches and updates as soon as they become available. Where possible, configure all computers to download and install updates automatically so this isn't overlooked.
  5. Check privileges and access rights - Malware executes with the same privileges and access rights as whoever executed it. So, if someone with 'administrator rights' executes ransomware, the code will lock down whatever data they have access to. The greater the access rights, the bigger the impact. Check user privileges regularly and only grant access to data or parts of the system on a 'need to know' basis.
  6. Don't pay up - No matter how tempting it may be! There are no guarantees that you'll get your data back or that hackers won't leave other malware behind. Indeed, experts warn that paying up simply makes you more of a target in future.
