Been Hacked By Ransomware – Don’t Pay!
Another cyber attack, this time the Colonial Pipeline in the US, targeted with a ransomware attack and forcing the company to close down the system.
Ransomware is a problem for every business, large or small. It usually encrypts all of the data that, without the key, cannot be unlocked. The hacker asks for a ransom to be paid before returning the key, allowing the unlocking of the data.
But, if you pay the ransom, you might get access to your data, but probably will be ‘hit’ again as not all the ‘bad stuff’ will have been removed, allowing the hackers to switch on another attack and, of course, they will know that you will probably pay again.
“Never pay,” advises Colin Tankard, Managing Director of cyber security company, Digital Pathways. “Paying ransoms like this is a ‘fools errand’ and is only a short term fix.”
So how do you get your data back, or more importantly, stop it being hacked in the first place?
Tankard advises installing a strong email Inbox security solution, one that scans for all bad links or attachments.
“Companies rely too much on low-cost email scanning systems or systems which are not designed with the latest facilities to handle fileless attacks,” he says. “These are non-signature files and so evade a security system that is only looking for known bad files or signatures.
“If you are in doubt about your current email scanning, or want to verify it is working, run another system in parallel and compare the results. If what you are doing has stopped the same amount, or more, bad emails then you have peace of mind. But if it allows bad emails in, you know you have a problem to fix quickly!
“Also, use a strong email Inbox security system which has intelligent machine learning, enabling it to recognise content that appears to be from within the organisation but has come from outside, masquerading as an employee or executive. Such crafted emails are highly likely to be accepted by an employee as it looks as if it is coming from a known person.”
He also recommends installing a back up system that protects the data/email from being encrypted by ransomware, as the first thing a ransomware attack does is to find the companies back ups and attack them first, before moving on to production data.
This form of back up protection is called immutable storage. Although the ransomware attack still happens, the technology allows you to restore the data while working on the ransomware.
“I liken this to a Rottweiler in your house! You can lock the dog in the lounge, allowing you to move around the house safely even though the Rottweiler is still there. However, you have the luxury of time to think of how to get rid of it. In business terms, it means the company can be back up and running fast.
“The last line of defence is staff. So many companies do not train their employees in how to detect a malicious email or link. It’s easy to deploy training software that sends spoof emails to staff and measures their ability to recognise a bad email. Over time such systems can significantly reduce the number of user clicks on bad emails or links.
“One thing is for sure, paying up should not be the default action. Reviewing systems and implementing sound security systems certainly are,” concludes Tankard.