Ransomware continues to present an ever growing threat to businesses worldwide. Chester Avey MBCS considers the challenges and highlights some prevention tactics.

While preventing ransomware may sound like a fairly routine exercise for IT professionals with the right infrastructure and resources, the reality is that many businesses still fall victim to sophisticated cyber attacks. Recent statistics point to a 70% increase in ransomware attacks on UK businesses, with the UK proving to be the second most targeted region for cybercrime.

In addition, the evolving digital landscape necessitates innovative ways of building resilience and requires businesses to expect the unexpected in uncharted territory.

Ransomware is still a thorn in the side of UK institutions and businesses

The premise of ransomware remains much the same as it always has been: malware encrypts files and data and grinds operations to a halt, followed by demands of (often extortionate) ransom payments in exchange for a decryption key. The coordinated Conti and Ryuk ransomware attacks affected 149 British victims and, across hospitals, schools, councils and businesses, extorted about £27 million. This resulted in sanctions on seven Russian nationals courtesy of concerted action against international cybercriminals.

Notable recent attacks have included the Greater Manchester police force, Royal Mail and The Guardian. If these established institutions and companies can fall victim to this highly intricate and malicious form of cybercrime it’s clear that more needs to be done to protect against it. Businesses must invest in more robust defence strategies and make suitable preparations. Not only should this be in relation to the containment and isolation of threats, but also in terms of their disaster recovery efforts and long term preservation of their reputation.

The growing ransomware landscape has made many business leaders question whether paying a cybercriminal’s ransom is the most effective way to minimise harm. This prompted the release of an in-depth financial sanctions and ransomware whitepaper from the UK government, vehemently advising against such a move. Proactive prevention is far more effective than a reactionary response.

5 Steps to developing a strong ransomware prevention strategy

The five steps outlined below should form a loose framework that business leaders can benefit from when establishing proactive ransomware defence and prevention solutions. Given that the threat of ransomware is not poised to ease anytime soon and is predicted to worsen in the coming years, establishing a bespoke framework for your firm is ideal for safeguarding your operations, data, and integrity.

  1. Prioritise employee education and vigilance

A ransomware attack often initially enters a business network through an employee mistakenly clicking a malicious link or downloading a seemingly legitimate file or attachment. Given how easy it is to overlook the validity of sites and files sometimes, even one slip-up can have dire consequences. Educating staff should be the first step in any ransomware or cyber security strategy.

Encourage regular, routine training workshops outlining the risks of phishing emails and how to identify them, while encouraging the use of strong, complex passwords for accounts — and the importance of not reusing them. Establish clear instructions for reporting suspected phishing attempts or anomalies that bypass initial email security tools and protocols, and extend these instructions to cover broad types of cyber threats.

Advise staff on the dangers of connecting to public or unsecured WiFi networks, particularly when handling sensitive or financial data, as these have been known to present ransomware risks. Go a step further by enforcing VPN use for remote workers or geographically dispersed teams, as this encrypts their connections to onsite servers.

Fundamentally, however, your team needs to be upskilled and aware of what all of these measures are for to facilitate risk prevention.

  2. Utilise technology to prevent unauthorised access

You can proactively lessen the damage inflicted by ransomware with the help of suitable tools, software and services. Examples include installing enterprise grade antivirus solutions with regular patches and enforcing multi-factor authentication (MFA) policies across all shared business accounts and systems. Establishing these defence mechanisms will block most unauthorised access attempts and reduce the attack surface.

In certain situations, you may need to consult third party specialists or consultants to conduct technical risk or vulnerability assessments. This can range from penetration testing exercises to threat monitoring, which often requires dedicated, outsourced support from agents who actively ‘patrol’ your estate and infrastructure. While it won’t absolve you of the need for an action plan, it’s immeasurably more reassuring to know that you have support backing you up.

  3. Maintain robust offline backups

Speaking of backing up, maintaining sufficient backups of your systems, files and data is vital. Backups can be hosted in a cloud environment, a data centre, or be situated on site on secure servers, and the ideal preference will depend on your business’ incumbent setup. However, as far as data security is concerned, it’s often ideal to make regular backups in an online and offline environment because, should operating systems or drives need to be reinstalled following a ransomware infection, it’s easier if you have a recent backup to turn to.

Many cloud storage providers have tools to roll back ransomware encrypted files relatively easily and without disrupting your operations too severely. For larger infections that have spread across networks, you may need to consider a specialist backup solution. A vulnerability assessment, as mentioned in point 2, may highlight this.

Even strong defences will fail at times, but having backups to hand means you can restore critical data with confidence.

  4. Isolate and contain threats rapidly

Should you suspect a cyber attack or detect anomalous activity, timely isolation and containment are crucial. Even if network traffic is not indicative of a lurking malicious actor, it’s reassuring to know that any possible areas of infection can be remotely and promptly disconnected if need be to prevent the spread.

Suspecting a ransomware attack may not be possible without the help of real time monitoring tools that distribute push notifications and alerts. Assess the scale of the activity and possible area of infection, determine the infected device(s) and contain the attack early by removing it and shutting it down. Isolating any endpoints or devices from networks can prevent ransomware from propagating across networks and infrastructure.

Speed and precision are key traits here, which is where simulations on threat containment can come in handy.

  5. Continuous evaluation and improvement

Crisis communications and PR will prove instrumental in managing your business’ reputation following a ransomware attack, or indeed any other cybercrime, particularly if consumer or stakeholder data has been compromised. It’s strongly advised that ransoms are not paid, and rather that firms maintain transparency with all affected parties, even if that means going public and risking scrutiny from regulators and consumers.

Ultimately, however, an attack on your business is an opportunity to learn and improve its defences so that it won’t suffer anything similar in the future. Review the ransomware attack with staff, and discuss lessons and processes to determine whether the correct measures were followed and what — if anything — could be improved.

Attack simulation exercises as an extension to compulsory workplace training will help prepare your teams for a real world threat. Running mock ransomware attacks and identifying vulnerabilities go hand in hand, often providing you with data, metrics and findings that can influence your incident response plan improvements.

Experiencing a cyber attack, while disruptive, offers an opportunity to vastly and proactively improve cyber resilience and continue the fight against cybercrime.

It’s evident that ransomware presents a severe threat to this day, and will continue to do so as AI and automation grow in availability and are widely adopted. However, this proactive guidance can help businesses of all sizes and industries minimise the damage inflicted, and quickly rebuild operations and consumer trust if attacked.