Ransomware – “Do not negotiate with terrorists”

By William Yip

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). Law enforcement does not encourage, endorse or condone the payment of ransom demands. If you do pay a ransom:

  • there is no guarantee that you will get access to your data or computer,
  • your computer will still be infected,
  • you will be paying criminal groups,
  • you’re more likely to be targeted in future.

For these reasons, it is important that you always have a recent offline backup of your most important files and data. Start with a simple question: “If I lost all my data, can my business still operate?” If the answer is yes, you don’t need to read on. If the answer is no, you need to read this article.

What measures can I put in place to mitigate a ransomware attack?

Mitigating the risk of a ransomware attack isn’t free; however, the cost of a ransom attack is significantly higher. In March 2022, hackers attacked the blockchain network Ronin, which is connected to the popular online game Axie Infinity, created by Sky Mavis. The attack was said to have cost about $600 million, with the hacker draining what’s known as the Ronin Bridge of 173,600 Ether and 25.5 million USDC tokens in two transactions.

Whether you are a small or large business, the aftereffects of a ransomware attack can cause immense financial and reputational loss. There are several ways to protect yourself from ransomware, but first, you need to understand your own vulnerability. You are likely to get infected via:

  • Email attachment,
  • Downloading / Running unknown Software,
  • Visiting a malicious website,
  • Software exploits,
  • Admin permissions.

Ransomware: How do I protect my business from malicious attacks?

Protecting your business from ransomware attacks can be daunting, especially if you do not possess technical skills. This guidance helps organisations deal with the effects of malware (which includes ransomware), reduce the likelihood of becoming infected and, in the event of being infected, reduce the spread of malware throughout the organisation and its impact.

Antivirus

A great way to start is by ensuring your organisation has an up-to-date antivirus product that always scans files for any known malicious programs. Tivarri’s managed desktop customers have an AV product installed on their machines. Tivarri recommends Defender for Endpoint as it scans for malicious applications in real time, protecting users who accidentally run an unknown program. It also includes features such as “Web Filtering” that can block users from being redirected to malicious sites where they can accidentally download a malicious file. Our Office 365 customers have “Defender for Office”, a product that scans for malicious attachments at the Exchange level (Email Server), so that all the devices that connect to your email are protected.

Application Whitelisting

This cybersecurity practice only allows recognised processes to run whilst blocking unknown processes. In simple terms, it specifies an index of executable files or applications that are authorised for use in an organisation. Implementing application whitelisting is a great way to protect your business, computer, and networks from potentially harmful applications. Our customers have this product installed in their Hosted Desktop. Tivarri’s Hosted Desktop is a controlled environment, which means our highly skilled staff know which programs should and should not run.
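
The index described above can be keyed on file contents rather than file names, so that an unknown program carrying an approved name is still blocked. The following Python sketch is an added illustration, not Tivarri's product or code; the function names, file names and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_allowlist(approved_paths):
    """The index of authorised executables: content hash -> approved name."""
    return {sha256_of(p): os.path.basename(p) for p in approved_paths}

def decide(path, allowlist):
    """Default deny: a file may run only if its content hash is in the index."""
    try:
        digest = sha256_of(path)
    except OSError:
        return ("block", "unreadable")
    if digest in allowlist:
        return ("allow", allowlist[digest])
    return ("block", "hash not in allowlist")

def demo():
    """Constructed sample files stand in for real executables."""
    root = tempfile.mkdtemp()
    def write(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        return path
    approved = write("apps/accounts.exe", b"constructed approved build")
    allowlist = build_allowlist([approved])
    return {
        "approved": decide(approved, allowlist),
        # Same bytes, different name and folder: still the approved program.
        "renamed": decide(write("tmp/copy.exe", b"constructed approved build"), allowlist),
        # Approved name, different bytes: a name-only rule would let this run.
        "lookalike": decide(write("downloads/accounts.exe", b"constructed unknown program"), allowlist),
        "missing": decide(os.path.join(root, "absent.exe"), allowlist),
    }

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```

Every update to an approved program changes its hash, so the index has to be rebuilt as part of patching.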

Managed Desktop Support

You can only protect yourself from exploits by making sure your machine is kept up to date. Cyber Essentials is a third-party assessment based on guidance from the UK National Cyber Security Centre (NCSC), a government-funded organisation dedicated to protecting the interests of UK business. It recommends that machines should not have updates older than 14 days and that fixes for zero-day exploits should be applied as soon as possible. Tivarri’s Managed Desktop service does all of this for you, taking away this IT burden, supporting and enabling our customers to focus on their business. We also ensure that all users have only “User” permissions by default, so that correct permissions are given.

Backups

This would be the last line of defence. If a malicious program was able to execute and encrypt your data, you’ll need a reliable and up-to-date backup of your data. Tivarri Hosted Desktop users have the following:

  • Standard Backup: Nightly full backups of all servers
    • Shadow copies that offer previous versions of a file, taken 3 times a day.
    • Server Backups are booted and checked manually every night to ensure the backups can be read.
    • Backups are sent offsite to a secondary data centre. 
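
A backup only counts once it has been read back. The check can be partly automated by recording a hash manifest when the backup is taken and comparing a test restore against it, as in the Python sketch below. This is an added example, not Tivarri's tooling; the function names, paths and file contents are constructed.

```python
import hashlib
import os
import shutil
import tempfile

def digest(path):
    """SHA-256 of a file's contents (read whole; chunk the reads for large files)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def make_manifest(root):
    """Taken at backup time: relative path -> content hash for every file."""
    paths = [os.path.join(d, n) for d, _dirs, names in os.walk(root) for n in names]
    return {os.path.relpath(p, root): digest(p) for p in paths}

def verify_restore(restore_root, manifest):
    """Read back every file of a test restore and compare it with the manifest."""
    report = {"missing": [], "unreadable": [], "altered": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(restore_root, rel)
        try:
            if digest(full) != expected:
                report["altered"].append(rel)
        except FileNotFoundError:
            report["missing"].append(rel)
        except OSError:
            report["unreadable"].append(rel)
    return report

def demo():
    """Constructed data: one clean restore, one with a lost and a changed file."""
    base = tempfile.mkdtemp()
    source = os.path.join(base, "source")
    os.makedirs(os.path.join(source, "clients"))
    for rel in ("ledger.csv", "notes.txt", os.path.join("clients", "a.txt")):
        with open(os.path.join(source, rel), "wb") as f:
            f.write(b"constructed content of " + rel.encode())
    manifest = make_manifest(source)
    good, bad = os.path.join(base, "good"), os.path.join(base, "bad")
    for target in (good, bad):
        shutil.copytree(source, target)
    os.remove(os.path.join(bad, "notes.txt"))
    with open(os.path.join(bad, "ledger.csv"), "wb") as f:
        f.write(b"constructed overwritten bytes")
    return verify_restore(good, manifest), verify_restore(bad, manifest)

if __name__ == "__main__":
    print(demo())
```

Store the manifest away from the systems it describes, for example with the offsite copy, so that whatever damages the data cannot also rewrite the manifest.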

Tivarri Customers on Managed Desktops have the following options:

  • OneDrive on the machine is configured to back up “Desktop, Pictures and Documents” on the local machine.
    • All files on SharePoint and OneDrive have a default retention of 90 days.
    • Tivarri also has an option to back up this data nightly to a secondary data centre that is not a Microsoft data centre.

Protecting Against Ransomware Attacks: Getting Started

We can all agree that data is important, and the importance of that data is dependent on its value to the individual or company. At Tivarri, we provide full ransomware protection that will keep your business and data protected from any malicious attacks.

Our Hosted Desktop, Cranberry Cloud, offers a host of features including application whitelisting, antivirus protection, backups, and managed desktop support. Cranberry Cloud is designed to meet FCA and ISO 27001 standards whilst making use of existing equipment to improve the cybersecurity of your business.

Contact us to review your existing IT security infrastructure and recommend solutions that will ensure your business is cyber safe. Existing Tivarri customers who are interested in these features can also contact us for more information.

Sources

https://www.bloomberg.com/news/articles/2022-03-29/hackers-steal-590-million-from-ronin-in-latest-bridge-attack

https://www.gov.uk/government/publications/cyber-essentials-scheme-overview
