Cyber Chat Episode 4 – How to avoid ransomware

In this week’s Cyber Chat, Rob May is looking at practical steps you can take to avoid a ransomware attack, including advice on:

  • using antivirus software
  • installing updates
  • having an effective backup system
  • the importance of multifactor authentication

Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern, whatever the shape or size of your organisation. Cybersecurity breaches are the number one threat in today’s business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is vital as a line of defence for any organisation, and in this video Rob, author of The Human Firewall (available on Amazon), explains what the Human Firewall is.


Cyber Chat – Episode 4 – video transcript

I’m Rob May, I’m MD of ramsac and welcome to Cyber Chat. So, today I want to talk to you about steps that you can take to avoid a ransomware attack.
So, ransomware has been around for a long time. The first ransomware attack happened in 1989 and it was called the AIDS Trojan, and I actually remember receiving this. It came in on a 5 and a 1/4 inch floppy disk into the office. And back in the 80s AIDS was very vogue in the news and this disk came in, and it was a survey supposedly from the NHS that you had to run and it was going to tell you how many of your colleagues were likely to get AIDS, and people ran it!
Anyway, that’s the first recorded ransomware attack. Back then a ransom attack was typically what’s called a lock screen attack, so what would happen is it would install a piece of software on your computer, so that when you turned it on, it locked the screen and displayed a message. These days, while lock screen still exists, it’s far more likely a ransomware attack is actually going to encrypt your data. So, it’s actually going to cut up your data and insert a code so that you can’t access it, and unless you put a key in, which you get when you pay the ransom, your computer is then left inoperable.

So what can you do to protect yourself? I think the first thing is obviously make sure you’ve got antivirus. But also make sure that you’re updating your computer. What do you do when you get a message to say “software updates available”? Normally when I’m asking a room this question when I’m doing a training course you get a mix: you get some people who say “I just say yes, install”; more and more you get people who say “Well, it’s now forced upon us”, which is a good thing. But equally you get a big chunk of people who just say “snooze, remind me later”.

It’s not that long ago that we saw in the press “the NHS cyber attack”, or that’s how it was reported. Now, it wasn’t an NHS cyber attack. The attack was a ransomware attack called WannaCry. And WannaCry impacted 75% of NHS trusts. And lots of operations had to be cancelled and so on. The thing is, WannaCry was attacking a vulnerability in Microsoft Windows that had been found 5 years previously, and in every service pack that Microsoft had issued they had fixed the vulnerability, so if you’d been loading software updates, you couldn’t get that variant of WannaCry. And what that shows you is the 75% of the NHS trusts hadn’t loaded those updates, so make sure that you load your software updates.

The other thing that’s really important is your backup. If your system is encrypted with a ransomware attack, what you don’t want to be doing is doing business with the criminal. You don’t want to be negotiating or paying, and typically the error message that comes up tells you what the fee is that you’ve got to pay, and there’s a clock, and as the clock’s ticking by so the cost of the ransom increases. You don’t want to be doing that. You want to be getting your computers disconnected and you want to be going back to backup.

Now for me, when I’m talking to clients about backup, it’s no longer an issue of backup; the real discussion point is recovery. It’s not whether you are backing up your data, it’s what’s your recovery time. Because there are a lot of different ways of doing backup and some are very effective in terms of recovery time and some are just cripplingly slow, and again, you often get what you pay for. We got called into a client not so long ago, whose incumbent IT company were struggling to deal with a ransomware attack. And ramsac had been recommended to them, and when we went in and we looked at the backup that they’ve got and we did a calculation of how long it was going to take to restore their critical data, it was nearly a week, and their business was nearly crippled because of it.
So, recovery is really important, and you should know, you should be asking your IT guys (whether that’s internal or external): “How long does it take us to recover, and is that appropriate for your business?” And you can, you need to be able to sign that off to say yes, that’s appropriate.

Third thing is disable Excel macros for the majority of your users. Macro attacks are a really common form of cyber attack. So, again, speak to IT, get macros disabled. And be really aware of email. Be aware of dodgy emails coming in, phishing emails. It’s interesting, so our helpdesk runs 24 hours a day and we get sent lots of emails from people saying “this email feels wrong, is it?” Well, the silly thing is, 99% of those emails are dodgy emails, so you could save a whole load of time. My view is, if you get an email and it feels dodgy, just trust your gut instinct and just delete it. Don’t waste time. Just delete it. And if it’s important, it will typically come back, but you know, for all those people who are just thinking this feels wrong, it almost always is.

The other thing to do is, wherever possible, use 2 factor or multi factor authentication. We used to talk about 2FA, 2 factor authentication, and it’s more frequently now referred to as MFA in terms of multi-factor authentication. So, where that’s available, use it. So, a typical example of this will be your online banking where, if you’re using the banking website, you enter information and it will prompt you to also enter information on your mobile phone. That’s a good example and wherever that’s available you should enable it, and people don’t. It’s available on lots of systems and people don’t because they’re too lazy, and my advice is you should because this is going to help protect you.

The other thing is be aware of what Wi-Fi you’re connecting to. Only use safe trusted connections. And if you absolutely have to use public Wi-Fi, be really thoughtful about what you’re doing; wherever possible, use a VPN. Just take the steps to remain safe. I know plenty of people who will only ever do online banking when they’re on their home network. They won’t do it anywhere else and that’s not a bad policy.

Finally, you know, avoid dubious websites. Both criminal websites, but also email, also websites of dodgy content because they are very well known to carry attacks. There are now pixel attacks, so, the way those work is you visit a website and they can infect individual pixels on the screen. So, if you move your mouse over that pixel it then launches the installation of a piece of ransomware software.

So I hope those are useful, stay safe and I look forward to speaking to you soon. Thank you.