As one of the fastest-growing online crimes, ransomware has unfortunately become a very real threat to businesses. The premise is simple: a hacker locks you out of your systems and data and holds you to ransom before allowing you access again.
This fee is typically demanded in the lucrative currency of Bitcoin, but the additional stress and anxiety caused can be just as costly as the ransom itself.
Businesses these days may have employees in the office or working from home, but either way they are more vulnerable than ever. The estimated figure of more than a hundred calls a day to insurers about problems caused by ransomware shows just how big a problem this is.
So, what can you do to protect your business? We will explore this below.
Even if the hacker has access today, they most likely won’t attack immediately.
In fact, it can take from 60 to over 100 days before you’re held to ransom, so it’s not always obvious or easy to spot. Hackers are sneaky; the longer they’re in your system, the harder it is for you to detect them as they make small changes to infiltrate your business and spot the weaknesses they can exploit.
Now all this sounds frightening, and it can be, but there are steps and methods you (or preferably your IT service provider) can take to ensure your network is safe and to maximise security.
You’re going to see a fair number of software titles and some jargon, which may seem overwhelming, but don’t worry: we’ll explain it thoroughly to make sure you get the full picture. Hold on to your hats, we are about to get technical!
One of the most common routes into a network for cyber criminals is via an RDP link, or Remote Desktop Protocol. This is Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the internet.
RDP links are common in businesses that have remote workers, as they make access a lot easier.
If you’re not sure whether your RDP links are closed off to hackers, don’t worry, there are a couple of ways your IT service provider can help!
Tools such as AngryIP or Advanced Port Scanner are used to infiltrate your network, usually via a phishing email with a bad link. Cybercriminals only need to gain access to one PC to be able to target the whole network, so it is imperative that all staff know not to click any suspicious links in emails. If anyone is unsure, it’s always best to check.
Other potentially dangerous tools include Mimikatz and Microsoft Process Explorer, which can be used to steal your passwords and log-in credentials. There are many ways to leave your system vulnerable, so use a network scanner to check exactly what’s running and who’s running it. If you notice software present that your IT provider hasn’t installed, you may have a problem!
As the guardians of your network, your administrators have the power to authorise which applications are downloaded to your network. Hackers cleverly create a new administrator account for themselves in order to download the applications they need, all without you realising it!
Again, be aware of unfamiliar software tools such as Process Hacker, IOBit Uninstaller, GMER and PCHunter. Interestingly, these can all be legitimate tools used by an IT specialist, so there may be nothing to it, but remember to be safe and, of course, ask your IT provider!
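For an IT provider, the two warning signs above (unfamiliar tools running, and a new administrator account nobody in IT created) can be checked against the Windows Security event log. The sketch below is an added example, not part of the original article: the events are constructed, the account and host names are hypothetical, the tool name fragments are assumptions based on the tools named above, and the event IDs are the standard Windows ones (4688 process created, 4720 account created, 4728/4732 member added to a security group).

```python
# Name fragments (lowercase) for the tools the article names. Assumed values:
# adjust them to the executable names seen in your own environment.
WATCHLIST = ("ipscan", "advanced_port_scanner", "mimikatz", "procexp",
             "processhacker", "iobit", "gmer", "pchunter")
APPROVED_ADMINS = {"it-admin"}   # hypothetical: accounts your IT provider uses
ADMIN_GROUPS = {"administrators", "domain admins"}

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    {"id": 4688, "host": "PC-07", "actor": "jsmith",
     "process": r"C:\Users\jsmith\Downloads\ipscan.exe"},
    {"id": 4688, "host": "PC-07", "actor": "jsmith",
     "process": r"C:\Windows\System32\notepad.exe"},
    {"id": 4720, "host": "DC-01", "actor": "jsmith", "target": "svc_backup2"},
    {"id": 4732, "host": "DC-01", "actor": "jsmith", "target": "svc_backup2",
     "group": "Administrators"},
    {"id": 4720, "host": "DC-01", "actor": "it-admin", "target": "newstarter"},
    {"id": 4688, "host": "SRV-02", "actor": "svc_backup2",
     "process": r"C:\Temp\PCHunter64.exe"},
]

def review(events):
    """Return (findings, urgent): readable findings plus the accounts that
    were both created and given admin rights by someone outside IT."""
    findings, created, promoted = [], {}, set()
    for ev in events:
        if ev["id"] == 4688:
            exe = ev["process"].rsplit("\\", 1)[-1].lower()
            if any(frag in exe for frag in WATCHLIST):
                findings.append(f"{ev['host']}: {ev['actor']} ran {exe}")
        elif ev["id"] == 4720:
            created[ev["target"]] = ev["actor"]
            if ev["actor"] not in APPROVED_ADMINS:
                findings.append(f"{ev['host']}: {ev['actor']} created "
                                f"account {ev['target']}")
        elif ev["id"] in (4728, 4732) and ev["group"].lower() in ADMIN_GROUPS:
            if ev["actor"] not in APPROVED_ADMINS:
                promoted.add(ev["target"])
                findings.append(f"{ev['host']}: {ev['actor']} added "
                                f"{ev['target']} to {ev['group']}")
    # Created AND promoted outside IT is the pattern the article describes.
    urgent = sorted(a for a in promoted
                    if a in created and created[a] not in APPROVED_ADMINS)
    return findings, urgent

if __name__ == "__main__":
    found, urgent = review(SAMPLE_EVENTS)
    print("\n".join(found))
    print("Review urgently:", urgent)
```

Because the same tools are used legitimately by IT specialists, a match is a prompt to ask your IT provider, not proof of an attack.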
If a cybercriminal has gained admin rights, there are a few telltale signs you need to watch out for. If your Active Directory is disabled, then you know there’s potential for an impending attack.
Next, backup data the criminals have found will be corrupted and any automatic fallback systems that deploy software will also be disabled, to stop your attempts to update your computers after an attack. Something called PowerShell will then be used to spread everything across your network.
Remember that this is not going to happen in 5 minutes! In order to make the attack harder to detect, they will take their time. Our free PDF download goes into more detail on what tools and software to monitor and how the attack occurs undetected.