What is Malware?
Malware is malicious software or web content. One well-known type is the virus, a self-copying program that infects legitimate software, but the term covers any code written to do harm. If able to run, malware can cause harm in many ways, such as causing a device to become locked or unusable, stealing, deleting or encrypting data, and obtaining credentials which allow access to your organisation’s systems or the services that you use.
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network.
In most cases, the ransomed business will be asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment. Even if the ransom is paid, however, there is no guarantee that access will be returned.
Occasionally malware looks like ransomware but is actually wiper malware: it irreversibly deletes or corrupts data and programs, and no decryption key exists. Paying the ransom will not recover the files, so you should treat any “ransomware” incident as potentially destructive and plan to restore from backups rather than rely on a decryptor.
Use a Defence in Depth Strategy
Despite your very best efforts, your business will not be able to protect itself 100% against malware. Hence it’s advisable to be ready for an attack at any time. This means you’ll be able to react quickly, stopping the spread of the malware by leveraging multiple security measures at each layer of your cyber protection.
How you back up your data will have a big impact on how effectively your organisation recovers from a ransomware attack:
- Make regular backups of your critical files and check they are working.
- Ensure you create offline backups that are kept in a different offsite location from your network and systems, or in a cloud service designed for this purpose. Ransomware actively targets backups to increase the likelihood of payment.
- Make multiple copies of files using different backup solutions and storage locations. Don’t rely on two copies on a single removable drive or multiple copies in a single cloud service.
- Make sure that the devices containing your backup (such as external hard drives and USB sticks) are not permanently connected to your network. Attackers will target connected backup devices and solutions to make recovery more difficult.
- Ensure that your cloud service prevents previous versions of the backup from being immediately deleted and allows you to restore to them. This will prevent both your live and backup data becoming inaccessible.
- Ensure that backups are only connected to known clean devices before starting recovery and scan backups for malware before you restore files.
- Regularly patch products used for backup, so attackers cannot exploit any known vulnerabilities they might contain.
- There have been cases where attackers have destroyed copied files or disrupted recovery processes before conducting ransomware attacks. Hence, backup accounts and solutions should be protected using Privileged Access Workstations (PAWs): dedicated, hardened devices used solely for privileged tasks such as backup administration, with no email, web browsing or day-to-day work done on them.
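“Check they are working” and “scan backups before you restore” are easier to act on with a concrete integrity check. The script below is an added example, not code from the original page or from Comprendo: it records a SHA-256 hash of every file when the backup is taken, keeps that manifest separately from the backup medium, and later compares a backup copy (or a restored tree) against it. Files that ransomware has encrypted, renamed or deleted no longer match, and a dropped ransom note shows up as an unexpected extra file. The directory layout, file names and the simulated tampering are all constructed for the demonstration.

```python
"""Backup integrity check (added example, not the page's own tooling).

Record SHA-256 digests of a file tree at backup time, store the manifest
away from the backup medium, and verify a backup copy or restored tree
against it before trusting it for recovery.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX style) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare a backup copy or restore against the manifest taken at backup time.

    missing: files in the manifest that are gone (deleted or renamed, e.g. '.locked')
    changed: files present but with a different digest (overwritten or encrypted)
    extra:   files that were never backed up (e.g. a ransom note)
    """
    current = build_manifest(root)
    missing = sorted(k for k in manifest if k not in current)
    changed = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    extra = sorted(k for k in current if k not in manifest)
    return {
        "ok": not (missing or changed or extra),
        "missing": missing,
        "changed": changed,
        "extra": extra,
    }


def demo() -> dict:
    """Constructed scenario: a clean backup, then the same backup after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp, "backup")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "invoice.txt").write_text("constructed sample invoice\n")
        (backup / "docs" / "contract.txt").write_text("constructed sample contract\n")

        # Manifest is written to a separate location (here a sibling path, in
        # practice offline or on a second service) so an attacker who reaches
        # the backup cannot quietly rewrite both the data and its record.
        manifest_path = Path(tmp, "manifest.json")
        manifest_path.write_text(json.dumps(build_manifest(backup), indent=2))

        clean = verify_tree(backup, json.loads(manifest_path.read_text()))

        # Simulate ransomware reaching the backup: overwrite one file with
        # random bytes (as encryption would), rename another, drop a note.
        (backup / "docs" / "invoice.txt").write_bytes(os.urandom(64))
        (backup / "docs" / "contract.txt").rename(backup / "docs" / "contract.txt.locked")
        (backup / "README_RESTORE.txt").write_text("constructed ransom note\n")

        tampered = verify_tree(backup, json.loads(manifest_path.read_text()))
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the check against each backup copy on a known-clean device before starting a restore; a non-empty `changed` or `missing` list means that copy was reachable by the attacker and an older, versioned copy should be used instead. The manifest only proves the backup still matches what was copied, not that the source was clean when it was taken, so it complements, rather than replaces, an anti-malware scan of the backup.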
Reduce Malware Reaching your Devices via Network Services:
- Email filtering, together with spam filtering, which can block malicious emails and remove dangerous attachments.
- Switching on your firewall. Firewalls form a buffer zone between your network and external networks (such as the Internet). Most popular operating systems now include a firewall, so it may simply be a case of switching it on.
- An Intercepting Proxy, which acts as a middleman between user and the website they’re browsing to block known-malicious websites.
- An Internet Security Gateway, which filters internet traffic and enforces compliance, such as blocking websites which don’t use HTTPS.
Prevent Malware Spreading Across your Organisation:
- Use MFA to authenticate users so that if malware steals credentials they can’t easily be reused.
- Ensure obsolete Operating Systems and apps are properly ringfenced from the rest of the network.
- Access to systems should be limited so staff only have enough access required to perform their role, with extra permissions (i.e. for administrators) only being granted to those who need it.
- Regularly review and remove user permissions that are no longer required, to limit the malware’s ability to spread.
- Ensure system administrators avoid using their accounts for email and web browsing (to prevent malware being able to run with their high level of system privilege).
- Practise good asset management, including keeping track of which versions of software are installed on your devices, so that you can target security updates quickly. Mobile Device Management and patch management tools can assist in this area.
- Control the use of USB drives and memory cards within your business. It’s extremely easy and convenient to transfer files this way, but when drives and cards are openly shared, it becomes hard to track what they contain, where they’ve been, and who has used them. Reduce the likelihood of infection by using a shared network drive or cloud storage rather than USB.
Prevent Malware with Device-Level Security:
- Ensure all your IT hardware and software are always kept up to date with the latest versions from software developers, hardware suppliers and vendors. Patching makes a significant contribution to improving security.
- Operating systems, programmes, phones and apps should all be set to automatically update wherever it is an option, with tools available to assist in the automation.
- Apps for mobile phones and tablets should only be downloaded from manufacturer-approved stores (like Google Play or Apple App Store). These apps are checked to provide a level of protection from malware that might cause harm, unlike third party apps from unknown sources.
- As a product reaches the end of its supported life, updates will no longer be available. At this point, it is recommended to replace it with a modern alternative.
- Provide security education and awareness training to your staff.
Prepare a Disaster Recovery Plan
Malware attacks, in particular ransomware attacks, can be devastating for an organisation because computer systems are no longer available to use. Even where recovery is possible, your corporate reputation and brand value could be damaged long-term. You can help your business recover quickly if you:
- Identify your critical assets and determine the impact to these if they were affected by a malware attack.
- Develop an internal and external communication strategy.
- Determine how you will respond to the ransom demand and the threat of your organisation’s data being published.
- Ensure that resources such as checklists and contact details are available if you do not have access to your computer systems.
- Identify your legal obligations regarding the reporting of incidents to regulators, and understand how to approach this.
- Exercise your Incident Management Plan, which will help clarify the roles and responsibilities of staff and third parties, and to prioritise system recovery.
If Your Business is Already Infected, Limit the Impact
- Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.
- Consider turning off your Wi-Fi, disabling any core network connections and disconnecting from the internet.
- Reset credentials, especially for the administrator and other system accounts after checking that you are not locking yourself out of systems that are needed for recovery.
- Safely clean or wipe the infected devices and reinstall the OS.
- Verify that the backup is free from any malware before you restore it and check the device you’re connecting it to is clean.
- Connect devices to a clean network in order to download, install and update the OS and all other software.
- Install, update, and run antivirus software.
- Reconnect to your network.
- Monitor network traffic and run antivirus scans to identify if any infection remains.
How We Can Help at Comprendo…
We offer a wide range of anti-malware options designed to limit the likelihood of your organisation becoming a victim of malicious software or web content. We provide robust network and endpoint security measures, such as backup services, anti-virus / malware software for devices, anti-spam /malware for email, firewall testing, password management and phishing / security training and awareness.
We can install Mobile Device Management software on your fleet of smartphones, tablets and laptops, which will centrally enforce compliancy with rules such as password setting, remote locking and data wiping, automatic software updates, patching, and installing apps.
If we manage the entirety of your IT infrastructure in a support capacity, we are also responsible for replacing end of life hardware and proactively maintaining your critical systems to prevent any breaches of data and limit downtime.
However we support our clients, we always recommend they become Cyber Essentials certified. This means they are protecting themselves against the most common cyber-attacks by checking their security measures against a specified set of technical criteria. Cyber Essentials status means every IT user in your business is actively engaged in its security and demonstrates to your clients (and potential clients) that you are proactively defending your data (and theirs) against cyber-crime.
To discuss any of the above, or any other IT concerns you may have, please contact our dedicated support team:
>> Tel 0345 527 4394 | Email info@comprendo.co.uk
We look forward to hearing from you.
At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North Yorkshire, West Yorkshire, Lancashire and beyond, including Keighley, Skipton, Ilkley, Bradford, Harrogate, York, Burnley and Preston. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.