769 Shettleston Road

Glasgow, G32 7NN

0141 255 1617

Business IT Support

Mon - Fri: 9:00 - 17:30

Is Your Business Under a Ransomware Attack?

4 signs of a ransomware attack on your business

As one of the fastest growing online crimes, ransomware has unfortunately become a very real threat to businesses. The premise is simple: a hacker locks you out of your systems and data and holds you to ransom before allowing you access again.

The ransom is typically demanded in the lucrative currency of Bitcoin, but the additional stress and anxiety caused can be just as costly as the ransom itself.

Businesses these days may have employees either in the office or working from home, but they are more vulnerable than ever. The estimated figure of more than a hundred calls a day to insurers about problems caused by ransomware shows just how much of a problem this is.

So, what can you do to protect your business? We will explore this below.

Could you already be under attack?

Even if the hacker has access today, they most likely won’t attack immediately.

In fact, it can take from 60 to over 100 days before you’re held to ransom, so it’s not always obvious or easy to spot. Hackers are sneaky; the longer they’re in your system, the harder it is for you to detect them as they make small changes to infiltrate your business and spot the weaknesses they can exploit.

Now all this sounds frightening, and it can be, but there are steps and methods you (or preferably your IT service provider) can take to ensure your network is safe and to maximise security.

You’re going to see a fair number of software titles and jargon, which may seem overwhelming, but don’t worry: we’ll explain it thoroughly to make sure you get the full picture. Hold on to your hats, we are about to get technical!

1. Check for Open RDP links

One of the most common routes into a network for cyber criminals is via an RDP (Remote Desktop Protocol) link. This is Microsoft technology that allows a local computer to connect to and control a remote PC over a network or the internet.

RDP links are common in businesses with remote workers, as they make access a lot easier.

If you’re not sure whether your RDP links are closed off to hackers, don’t worry, there are a few ways your IT service provider can help!

  1. Scan for open RDP ports regularly.
  2. Use multi-factor authentication for your links (this is where you generate a code on a separate device, such as your phone, to prove it’s really you).
  3. Alternatively, you can have them behind a VPN (Virtual Private Network), which provides you with a private network from a public internet connection.
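
One way to run the regular RDP check from step 1 against your own machines, as an added example that is not part of the original article. The host names and addresses are constructed placeholders, and the `approved` list (hosts that are meant to accept RDP from where the script runs, such as from inside the VPN) is an assumption of this sketch.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORT = 3389  # default TCP port for Remote Desktop Protocol


def port_open(host, port=RDP_PORT, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False


def audit_rdp(inventory, approved=frozenset(), timeout=1.0):
    """Check every (name, host, port) entry in your own asset inventory.

    approved: names of hosts that are meant to accept RDP from this vantage
    point. Anything else that answers is reported as unexpected.
    """
    inventory = list(inventory)
    with ThreadPoolExecutor(max_workers=16) as pool:
        states = list(pool.map(lambda e: port_open(e[1], e[2], timeout), inventory))
    report = {"unexpected": [], "approved_open": [], "closed": []}
    for (name, _host, _port), is_open in zip(inventory, states):
        if not is_open:
            report["closed"].append(name)
        elif name in approved:
            report["approved_open"].append(name)
        else:
            report["unexpected"].append(name)
    return report


if __name__ == "__main__":
    # Constructed inventory using documentation-range addresses; replace with your own hosts.
    hosts = [("reception-pc", "192.0.2.10", RDP_PORT),
             ("file-server", "192.0.2.20", RDP_PORT)]
    result = audit_rdp(hosts, approved={"file-server"}, timeout=0.5)
    print("RDP reachable but not approved:", result["unexpected"])
```

Run it once from outside the office network and once from inside the VPN: a host that answers from outside and is not on the approved list is the one to close off.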

2. Look for Unexpected Software

Tools such as AngryIP or Advanced Port Scanner are used to infiltrate your network, usually via a phishing email with a bad link. Cybercriminals only need access to one PC to be able to target the whole network, so it is imperative that all staff know not to click any suspicious links in emails. If anyone is unsure, it’s always best to check.

Other potentially dangerous tools include Mimikatz and Microsoft Process Explorer, which can be used to steal your passwords and log-in credentials. There are many ways to leave your system vulnerable, so use a network scanner to check exactly what’s running and who’s running it. If you notice software present which your IT provider hasn’t installed, you may have a problem!

3. Monitor your administrators

The guardians of your network, your administrators have the power to authorise what applications are downloaded to your network. Hackers cleverly create a new administrator account for themselves in order to download the applications they need, all without you realising it!
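
A detection sketch for the new-administrator pattern described above, as an added example that is not part of the original article. It assumes Windows Security log events have been exported as records with the standard field names shown; the sample events, account names and SIDs are constructed.

```python
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720               # "A user account was created"
ADDED_TO_GROUP = {4728, 4732, 4756}  # member added to a global / local / universal group
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins"}

# Constructed sample events (not real log data), shaped like exported Security log records.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2024-03-04T02:11:09", "TargetUserName": "svc_backup2",
     "TargetSid": "S-1-5-21-1111-2222-3333-1190", "SubjectUserName": "j.smith"},
    {"EventID": 4732, "TimeCreated": "2024-03-04T02:12:40", "TargetUserName": "Administrators",
     "MemberSid": "S-1-5-21-1111-2222-3333-1190", "SubjectUserName": "j.smith"},
    {"EventID": 4732, "TimeCreated": "2024-03-05T10:00:00", "TargetUserName": "Administrators",
     "MemberSid": "S-1-5-21-1111-2222-3333-1104", "SubjectUserName": "it.provider"},
    {"EventID": 4732, "TimeCreated": "2024-03-05T11:30:00", "TargetUserName": "Remote Desktop Users",
     "MemberSid": "S-1-5-21-1111-2222-3333-1105", "SubjectUserName": "it.provider"},
]


def find_new_admins(events, approved_sids, window=timedelta(hours=24)):
    """Flag accounts added to a privileged group that are not in the approved baseline.
    Creation (4720) and group membership events are correlated by SID."""
    created = {}   # SID -> (creation time, account name)
    findings = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        when = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = (when, ev["TargetUserName"])
        elif ev["EventID"] in ADDED_TO_GROUP:
            sid = ev["MemberSid"]
            if ev["TargetUserName"].lower() not in PRIVILEGED_GROUPS or sid in approved_sids:
                continue
            born = created.get(sid)
            findings.append({
                "sid": sid,
                "account": born[1] if born else None,
                "group": ev["TargetUserName"],
                "added_by": ev["SubjectUserName"],
                "when": ev["TimeCreated"],
                # created and promoted inside the window: the pattern described above
                "fresh_account": bool(born) and when - born[0] <= window,
            })
    return findings


if __name__ == "__main__":
    for finding in find_new_admins(SAMPLE_EVENTS, {"S-1-5-21-1111-2222-3333-1104"}):
        print(finding)
```

The approved baseline is the list of administrator SIDs your IT provider has signed off; anything the function returns is an administrator nobody has accounted for.
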
Again, be aware of unfamiliar software tools such as Process Hacker, IOBit Uninstaller, GMER and PCHunter. Interestingly, these can all be legitimate tools used by an IT specialist, so there may be nothing to it, but remember to be safe and, of course, ask your IT provider!
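
The software check from signs 2 and 3, written out as an added example that is not part of the original article. It compares an installed-software inventory against what your IT provider approved and raises the priority of the tools named on this page; the inventory rows, host names and users are constructed, and matching on display names is a simplification.

```python
import re

# Dual-use tools named in this article: legitimate for IT staff,
# suspicious when nobody can say who installed them.
WATCHLIST = ["AngryIP", "Advanced Port Scanner", "Mimikatz", "Process Explorer",
             "Process Hacker", "IOBit Uninstaller", "GMER", "PCHunter"]

# Constructed sample data (not from a real network).
SAMPLE_INVENTORY = [
    {"host": "PC-07", "name": "Microsoft 365 Apps", "user": "SYSTEM"},
    {"host": "PC-07", "name": "Advanced Port Scanner", "user": "a.jones"},
    {"host": "PC-12", "name": "Process Hacker", "user": "it.provider"},
    {"host": "PC-12", "name": "PDF Toolbox", "user": "m.lee"},
]
SAMPLE_APPROVED = {("PC-07", "Microsoft 365 Apps"), ("PC-12", "Process Hacker")}


def _norm(name):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def review_software(inventory, approved):
    """Return software that is not in the approved baseline, watchlist hits first.

    inventory: rows of {"host", "name", "user"}.
    approved: set of (host, name) pairs your IT provider installed.
    """
    approved_keys = {(host.lower(), _norm(name)) for host, name in approved}
    watch = {_norm(label): label for label in WATCHLIST}
    findings = []
    for row in inventory:
        key = _norm(row["name"])
        if (row["host"].lower(), key) in approved_keys:
            continue  # installed by IT on this machine, nothing to do
        hit = next((label for w, label in watch.items() if w in key), None)
        findings.append({**row, "watchlist": hit,
                         "severity": "high" if hit else "review"})
    findings.sort(key=lambda f: f["severity"] != "high")  # stable: high first
    return findings


if __name__ == "__main__":
    for finding in review_software(SAMPLE_INVENTORY, SAMPLE_APPROVED):
        print(finding)
```

Approval is recorded per machine, so a tool your IT provider uses on one PC is still flagged when it turns up on another.
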

4. Check for disabled tools and software

If a cybercriminal has gained admin rights, there are a few telltale signs you need to watch out for. If your Active Directory is disabled, then you know there’s potential for an impending attack.

Next, backup data the criminals have found will be corrupted and any automatic fallback systems that deploy software will also be disabled, to stop your attempts to update your computers after an attack. Something called PowerShell will then be used to spread everything across your network.

Remember that this is not going to happen in 5 minutes! In order to make the attack harder to detect, they will take their time. Our free PDF download goes into more detail on what tools and software to monitor and how the attack occurs undetected.


Have you detected a red flag? What can you do to stop an attack?

  • Regain control of your RDP sessions.
  • Force a password change across your core systems, but only do this after the step above.
  • Monitor your administrator accounts.
  • Limit who can use PowerShell within your organisation.
  • Remember to keep all of your software and security tools patched and updated: stop clicking ‘later’ on updates. As pesky as they are, an attack would be worse.
  • Implement multi-factor authentication across all of your applications.
  • Finally, make sure every member of staff throughout the business has regular security training.


All rights reserved. Acu IT Solutions
