Ransomware Explained Simply
Ransomware is a type of cyber attack that uses malicious software (malware) to block access to valuable computing resources and/or data. The malware encrypts targeted systems and files and locks them down until the victim makes a ransom payment. Computers infected with ransomware typically display an on-screen note with instructions to pay the ransom to a cryptocurrency address.
Enterprises, SMBs, and public sector organisations regularly get targeted by ransomware attacks. The damage caused by the 2021 HSE incident served as a warning to Irish businesses about the severe consequences of becoming a ransomware victim. The question is, what can you do to prevent these incidents? Here are some actionable strategies.
Apply Updates On Time
A huge number of successful cyber attacks stem from not applying a software or operating system security update on time. The infamous 2017 WannaCry ransomware attack affected 230,000 computers globally at organisations that neglected to apply a Windows operating system update on time.
Applying the latest patches on time is a basic form of cybersecurity defence that goes a long way towards preventing ransomware and other cyber attacks. It’s wise to enable automated updates for software and operating systems. For even stronger defence, you can regularly schedule vulnerability scanning tools to look for software vulnerabilities within your IT environment.
Be Careful with Macros
Many business professionals use macros to automate repetitive tasks in software such as Excel and Word. Some strains of ransomware specifically seek to exploit macros and execute payloads that install malware on systems. All it takes is an unsuspecting employee to open a Word doc or spreadsheet and the macro to execute.
It’s prudent to be cautious with macros. The latest versions of Office let you disable all macros except those that are digitally signed, which provides an extra layer of security. It’s also possible to block macros from running in Office files downloaded from the Internet.
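The two controls just described (allow only digitally signed macros, and block macros in files downloaded from the Internet) are per-user Office settings stored in the registry. The PowerShell script below is an added example, not code from Secure Target or from Microsoft; it audits the current values for Word, Excel and PowerPoint and, with the `-Apply` switch, sets them to the hardened values. It assumes Office 2016 or Microsoft 365 (registry version "16.0") and per-user keys under HKCU; on domain-joined machines the equivalent Group Policy settings are the better way to enforce this centrally.

```powershell
# Added example: audit and harden Office VBA macro settings for the current user.
# Assumption: Office 2016 / Microsoft 365, whose registry version string is "16.0".
# Usage:  .\Set-OfficeMacroPolicy.ps1          (audit only)
#         .\Set-OfficeMacroPolicy.ps1 -Apply   (apply hardened values, then re-audit)
param([switch]$Apply)

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings: 1 = enable all, 2 = disable with notification (Office default),
#              3 = disable all except digitally signed, 4 = disable all silently.
$DesiredVbaWarnings = 3
# blockcontentexecutionfrominternet: 1 = block macros in files carrying the
# Mark-of-the-Web (i.e. downloaded from the Internet), 0 = do not block.
$DesiredBlockInternet = 1

function Get-MacroPolicy {
    param([string]$App)
    $key   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # A missing value means Office falls back to its built-in default.
    $vba   = $props.VBAWarnings
    $block = $props.blockcontentexecutionfrominternet

    [pscustomobject]@{
        App           = $App
        VBAWarnings   = if ($null -eq $vba)   { 'not set (default 2)' } else { $vba }
        BlockInternet = if ($null -eq $block) { 'not set (default 0)' } else { $block }
        Hardened      = ($vba -eq $DesiredVbaWarnings) -and ($block -eq $DesiredBlockInternet)
    }
}

function Set-MacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # -Force overwrites an existing value; DWord matches what Office expects.
    New-ItemProperty -Path $key -Name 'VBAWarnings' -PropertyType DWord `
        -Value $DesiredVbaWarnings -Force | Out-Null
    New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -PropertyType DWord `
        -Value $DesiredBlockInternet -Force | Out-Null
}

if ($Apply) {
    foreach ($app in $Apps) { Set-MacroPolicy -App $app }
}

# Report the current state; any row with Hardened = False still allows
# unsigned or Internet-sourced macros to run for this user.
$Apps | ForEach-Object { Get-MacroPolicy -App $_ } | Format-Table -AutoSize
```

Running the script without `-Apply` is safe to do as a first step on any workstation: it changes nothing and shows which applications still accept unsigned or Internet-sourced macros. Note that a setting written by Group Policy lives under `HKCU:\Software\Policies\Microsoft\Office\...` instead and overrides the per-user values this script writes, so in a managed environment check the policy path as well.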
It’s vital to make sure that your company’s employees have basic cybersecurity awareness. At a minimum, this awareness should be built through a solid cybersecurity training program.
The topics covered for ransomware training can include:
- What not to click on in emails
- How to spot phishing emails
- How to verify the legitimacy of an email
- The business consequences of ransomware attacks
A workforce armed with this basic cybersecurity training and awareness reduces the human risks associated with ransomware attacks.
Phishing emails are a common attack vector for ransomware to infiltrate a network. Typically, the perpetrators craft a convincing email containing a suspicious link or attachment. One or more employees click the link or open the attachment and, without realising it, install malware that can encrypt their systems.
Once the attacker gains an initial foothold in a network, they can abuse admin privileges or use other techniques to spread ransomware to many systems on the network. Losing access to one system is bad, but the real problems start when every computer on your network gets infected.
It’s important to test the level of phishing awareness among employees through simulated attacks. These simulated attacks require cybersecurity expertise to craft the types of phishing emails likely to target your employees. Using the results of these simulated phishing attacks, you get visibility into the strength of your cybersecurity posture.
The Secure Target team has a simulated phishing service as part of our cybersecurity testing services suite.