Understanding Ransomware as a Risk

Released On 11th Nov 2021

Cyber Risks and Liabilities

A ransomware attack can have a devastating impact on an organisation. Ransomware is a type of malicious software, also known as malware, used to prevent a person from accessing their computer or its stored data. The computer itself may be locked, or the data on it might be stolen, deleted or encrypted. Usually, once the attack occurs, the attacker will use an anonymous email address with instructions for making a payment and getting the data back. This is where the ransom element comes in. In order to minimise the lasting damage that can often accompany a ransomware attack, employers should consider taking the following actions:

  • Make regular backups of important files. Up to-date backups are the most effective way of recovering from a ransomware attack. Check that the appropriate members of the organisation know how to restore the backup and test it regularly to ensure it works as expected. It may also be beneficial to make multiple copies of files using different backup solutions and storage locations for added protection.
  • Prevent attackers from gaining remote access. Ransomware is increasingly being deployed by attackers who have gained access remotely via exposed services such as Remote Desktop Protocol (RDP) or unpatched remote access devices. Close these entryways by disabling RDP if it’s not needed or enabling multifactor authentication at all remote access points into the network.
  • Prepare for an incident. Ransomware attacks can be devastating for organisations because computer systems are no longer available to use, and in some cases, data may never be recovered. The following preparations can help organisations recover quickly:
  •  Identify critical assets and determine the impact if they were affected by a ransomware attack.
  •  Develop an internal and external communication strategy to ensure that the right information reaches the correct people in a timely fashion.
  •  Determine what the organisation’s response will be to a ransom demand.
  •  Create an incident management plan and practise it periodically.

For more information, contact us today or visit our cyber webpage.