Ransomware closes business

Ransomware – a subject we’ve discussed numerous times on the TITA blog and there are many good reasons why we return to this topic repeatedly – primarily, it isn’t going away.

The internet is a dangerous place and ‘IT ransom’ now has an annual global worth in the trillions of dollars for its perpetrators. Typically, it’s smaller companies being targeted as they’re less likely to have the security budget that larger organisations can apply to the protection of their data and networks.

Whatever the size of security budget, small or large, spending it wisely is essential and when deciding on where precious dollars should be allocated it pays to remember the old adage – prevention is better than cure.

Consider the recent case of The Heritage Company of Arkansas in the US. They essentially shut down their operations, laying-off over 300 staff just before Christmas after failing to recover from an unpublicised ransomware attack suffered in October 2019. It seems a ransom was paid and an ‘unlock’ code received but, after two months of trying, their IT department was unable to sufficiently recover their data to get their systems operational again.

Perfectly demonstrating that a ‘cure’ isn’t always effective. Even in the best of bad circumstances when, as above, paying the ransom results in frozen systems being unlocked, there’s no guarantee that a company will ever get back to normal running. Prompting the question – would it have been better to be one of the many organisations which pay a ransom and never even receive an ‘unlock’ key? At least they wouldn’t have lost even more money on a fruitless exercise.

Prevention begins by understanding that IT Security is multi-layered – there is no single mechanism protecting IT systems from everything that could compromise security. Individual security layers include: end user training and awareness, system and data backups and up-to-date antivirus software.

  • End users – generally speaking, employees – are the single most likely cause of infection, either by clicking on something like a dangerous link, opening a harmful (e.g. spam) email, downloading a risky file or by having their password compromised. User training and awareness sessions can reduce this risk by reminding everyone of the types of innocent-looking links/documents/emails etc. they might encounter and by having a standard procedure for dealing with suspicious occurrences.
  • Antivirus software must be in place and kept updated to cover all threats as they become known.
  • Anti-spam software filters and intercepts most potentially malicious emails, preventing them ever reaching end-user inboxes and greatly reducing the risk of infection.
  • Backups are essential, but it’s not good enough to simply set them up to run at specified intervals then hope they’ll work if the need arises. A documented process must be in place for regularly verifying the success of backups and for testing to ensure data can be recovered quickly.

Following TITA’s updated Backup Best Practice procedures (i.e. the 3-2-1-1-0 rule) helps protect backed-up data from potentially being targeted first in any ransomware attack on your system overall:

  • Maintain at least 3 copies of business data
  • Store critical business data on at least 2 different types of storage media
  • Keep 1 copy of backups in an off-site location
  • In the ransomware era, adding another 1 to the rule – one backup media is offline
  • Ensure all recoverability solutions have 0 errors

All these recommendations are most appropriate for protecting onsite data and systems integrity. Where an organisation’s IT is a largely cloud-based operation, different security rules and procedures are better suited – we’ll cover these in more detail in a separate article soon.

What if, even after doing all the right things, your organisation is infected with ransomware and your IT systems become locked? The best advice is to immediately contact experts in dealing with these issues e.g. KPMG. As demonstrated above, it’s not simply a matter of paying-up and hoping to receive an ‘unlock’ code – even then, your IT department might be unable to recover data and systems to the point where normal operations can resume.

If you’d like help assessing and, where appropriate, improving your IT Security with prevention in mind, contact The IT Agency on (02) 8317 4730 – we’ll help get your organisation in the best position to withstand any kind of cyber-attack.

Don’t leave IT Security to chance – cyber-crime is only going to get worse…