The massive cyber attack unleashed on the world on Friday (in the form of the WannaCry ransomware worm) caused major disruption to thousands of people around the world. The effects of the attack will be felt for some time to come and one question remains: how do you protect yourself from ransomware?
Ransomware is rapidly becoming the tool of choice for criminal organisations to quickly gain large amounts of money for very little effort on their part. The initial costs of acquiring the tool are quickly recovered when organisations panic and pay the ransom, in the hope that they will get their files back.
Paying the Ransom does Nothing
These days, it is highly unlikely that you will get your files back if you panic and pay the ransom. The cyber criminals who infected your system have no incentive to actually give you the decryption keys (assuming they, in fact, have them). There is also no way for you to reverse the transfer of bitcoins once you have made it if they don't give you what they promised.
All paying the ransom does, in most cases, is leave you in the same situation you were in before, minus whatever amount the ransom demand was. While this won't stop some people from paying it, the only real way to protect yourself from ransomware is to ensure you have backups of your files in a safe location.
Backup, Backup, and Backup Again (and test your backups)
If you're reading this post and haven't backed up your important files in the last 24 hours. Stop reading and do it now.
If you're reading this post and haven't tested your backups in the last 24 hours. Stop reading and do it now.
Backups are the only real way to ensure you are protected against a ransomware attack. However, a surprising number of people have never set up proper backup procedures. Of those that have, the vast majority have never tested that they actually work.
If you're reading this and thinking "boy, he's really making a big point about backups" you'd be right, for they are the only thing that will save you, when you fall victim to a ransomware attack.
If you're a consumer reading this and thinking "I don't have anything important enough that I need to worry about backups" think again.
Ransomware targets things you will care about (your music collection, family photos, videos of family gatherings, documents, etc.). How much of that could you replace, when a malicious e-mail drops ransomware on your PC?
You set up your backups years ago. They're still copying everything...right?
Great, you do actually have a backup system in place, but when was the last time you checked that it's still backing up all the files you care about?
Software changes, which means the locations where it stores important files can also change. If your backup systems and policies aren't updated to take notice of these new locations, chances are they're going to miss vital files, leaving you unprotected.
Every time you upgrade your software, take note of any changes to storage locations that are mentioned and make sure you update your backup systems to copy those files.
Off-site backups aren't just a good idea, they're essential
Putting the whole ransomware issue aside for a moment, do you take your backups away from your office? If not, you really should.
Backups are essential for protecting you against accidental or malicious damage to your important data, but leaving those backups in your office doesn't help if the building itself is compromised in any way.
If your office catches fire or is flooded, any backups you leave there are likely to be useless. Rotating your backup devices, ensuring that at least one is always off-site, will ensure you are protected from anything that may physically compromise your business location.
If you rotate the backups every 24 hours, that should be the maximum amount of information you will lose. Meaning you'll only be a day behind, instead of weeks or months if your on-site backup is destroyed or stolen.
Updates: Annoying, but Essential
We all hate them but installing updates is essential for protecting your computers against attack. An update corrects a newly discovered (and often publicly disclosed) security issue in your software. The problem is, many organisations take months to apply updates leaving their systems vulnerable to attack.
If you work on your own and shut down your computer every day, chances are it's automatically installing updates for you. However, a large number of organisations leave their computers running overnight, meaning that updates aren't installed as quickly as they should be.
If you work for an organisation that lets you leave your computer switched on overnight, try and find out if the IT department restarts them at weekends to apply updates. If they don't, suggest that they do, there are even articles like this one (https://deployhappiness.com/automatic-restarts-make-for-a-smooth-day/) that enable them to automate it.
While updates won't protect you from all forms of ransomware (most involve some form of user interaction in order to work), they will protect you from those that exploit vulnerabilities that there have been patches for.
Conclusion
Regularly installing updates, and ensuring that you have working backups are the two most important methods you can use to protect yourself from a ransomware attack. You will be hit by one eventually, it's only a matter of time.
If you're one of the few people reading this article and going "yes, I do all these things" good for you (but it would probably still be wise to double-check).
If you don't have backup procedures in place, use this week to start (all it takes is buying an external hard drive, the backup software is already part of your operating system).
If you don't take a copy of your backups off-site, designate someone to be responsible for them (and if needed, buy additional external hard drives).
If you need help with any of this, get in touch and we'll talk you through your various options.