Of all the cybersecurity issues to be facing, ransomware is perhaps the most intimidating and panic-inducing. For those not fully aware of what ransomware is, it’s a kind of malicious software, or “malware,” that uses special encryption to grab and hold your information and hold it “at ransom.” That is, the attacker demands that money be paid for you to have access back to your information or device.
For instance, imagine you are working at your computer and the screen suddenly changes to a message from the attackers. It may contain warnings and details on how to pay them, after which (in theory) they will restore your access. After global ransomware attacks even on public services, ransomware protection solutions for enterprise in Australia are now more important than ever.
Below are some further points on how to deal with ransomware as an issue:
1. Backup Everything
The most important thing to have done in the event of any cyberattack, including the use of ransomware, is to have established good habits of backing up all critical data and files in a secure fashion that can’t be touched by hackers and other cyber criminals. The most secure method of backing up is doing so offline on a hard drive or at least a non-networked computer that can’t be accessed from outside.
When you have the most critical data backed up, at least there’s a chance of “rolling back” the system to an appointed time in the backup that will eliminate the ransomware and allow you to prevent it from re-entering your system. This also minimises data loss and other disruptions to your day-to-day operations.
2. Check Your Port Settings
The particular breed of cyber criminals who favour the use of ransomware tend to exploit Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. If you have a competent IT manager and department who is well-versed in these matters, they will have restricted connections to these ports to trusted hosts only.
Once set in this manner, only those on the white list will be able to establish any connection, and we think it’s safe to assume that your white list won’t include any cyber criminals.
3. Update Systems and Hardware
Some computer systems seem to update so frequently or take so long each time that it’s tempting to keep ignoring the constant reminders to update, instead opting to click on the usual “Remind me Tomorrow” or similar button. It’s best to resist this temptation and instead always ensure that the system is fully up to date. You may feel the updates are meaningless because they seemingly make no changes to the system. In fact, most of the updates are to plug tiny gaps in security that would-be hackers may be seeking to exploit. That’s the major difference being made.
4. Install an IDS
“IDS” stands for Intrusion Detection System, and is a great tool that will sit within your system on the lookout like a sentry for any signs of malicious activity in your system. It will learn about new signatures via updates and alert you as to when any of these malware signatures are seemingly trying to gain access.
5. Implement Staff Training
Finally, none of the above measures mean a great deal if your team remains ignorant as to the importance of cybersecurity, and specifically what to do in the event of ransomware being detected in the system. These events should be trained for and prepared for just as you would a fire or earthquake drill. Everyone should be clear on what to do, who to report the problem to, and what steps to initially take to slow or stop the progress of malware.