How to Stop Ransomware Gangs

14 Mar 2022

Stop ransomware gangs stealing your data

KERPOW

Published on

Bob Nicolson | Head of Consultancy

bob.nicolson@nicolsonbray.com

Ransomware is now a huge threat for businesses both big and small. In 2021 ransomware gangs such as REvil and DarkSide attacked the likes of AXA, KIA Motors and Colonial Pipeline. CNA, a US-based insurer, reportedly paid a ransom of $40 million. And 2022 is already shaping up to be a bumper year!

To make things worse, ransomware gangs are now using double extortion. So even if you have backups and can get your systems back online, they will threaten to disclose your data unless a ransom is paid. Frightening indeed for anyone looking after personal and confidential data!

There is good news however. Ransomware gangs are very time conscious and tend to go after the very softest of targets. So with a bit of effort and some simple defences you can make your business too difficult for them to target.

In this Insight I outline three such defences which you can deploy in your business to do exactly that. Follow these simple steps to significantly reduce the risk of your business becoming the next ransomware headline.

Secure your remote access - RDP

RDP (Remote Desktop Protocol) is used by lots of businesses for remote access to the network. It’s used by so many businesses because it’s a nice simple solution. So simple in fact that it’s also how a lot of ransomware gangs get their first foothold on your network before encrypting and stealing your data! They often do this by finding your staff’s login details in the darkest corners of the dark web.

So please never place RDP unprotected on the Internet. Always always put it behind a VPN! And while you’re at it, and I cannot stress this enough, always use Two Factor Authentication on both your VPN and your RDP. This will mean that even if they do find out that Sarah in HR’s password is ‘passw0rd’, they still won't be able to break into your network.
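One way to confirm that RDP really is only being reached through the VPN is to review RDP logon events for source addresses outside the VPN address pool. The script below is an added example, not part of the original Insight; the CSV column names, the sample events and the `10.8.0.0/24` VPN pool are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumption: the address pool your VPN hands out to remote staff.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample: Windows Security log events exported to CSV.
# 4624 = successful logon, 4625 = failed logon,
# LogonType 10 = RemoteInteractive (an RDP session).
SAMPLE_CSV = """EventID,LogonType,TargetUserName,IpAddress
4624,10,sarah,10.8.0.14
4625,10,sarah,203.0.113.50
4625,10,administrator,203.0.113.50
4624,10,sarah,198.51.100.7
4624,2,bob,-
4624,3,svc_backup,10.0.5.20
4624,10,bob,10.8.0.22
"""

def rdp_logons_outside_vpn(csv_text, vpn_pool=VPN_POOL):
    """Return RDP logon events whose source address is not in the VPN pool."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] not in ("4624", "4625") or row["LogonType"] != "10":
            continue  # not an RDP logon attempt
        try:
            src = ipaddress.ip_address(row["IpAddress"])
        except ValueError:
            continue  # "-" or blank: no network source recorded
        if src not in vpn_pool:
            findings.append({"user": row["TargetUserName"],
                             "source": str(src),
                             "success": row["EventID"] == "4624"})
    return findings

def summarise(findings):
    """Count events per source and list sources that logged on successfully."""
    per_source = Counter(f["source"] for f in findings)
    succeeded = sorted({f["source"] for f in findings if f["success"]})
    return per_source, succeeded

if __name__ == "__main__":
    per_source, succeeded = summarise(rdp_logons_outside_vpn(SAMPLE_CSV))
    for source, count in per_source.most_common():
        print(f"{source}: {count} RDP logon event(s) from outside the VPN pool")
    print("Successful logons from outside the VPN pool:", succeeded or "none")
```

Any finding means RDP is reachable without the VPN; a successful logon among them is the one to investigate first.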

Patch, patch, patch!

In 2017 WannaCry attacked unpatched Windows machines to devastating effect, bringing the NHS to its knees. In 2022 ransomware gangs still attack unpatched systems as a way to spread through target networks and silently steal your data before launching their crypto algorithms.

Luckily patching hygiene is a really easy win. Almost all software comes with auto-update capabilities. Updates can be scheduled after hours, and rolled back if they cause issues. So for your everyday devices please please use it. Yes you may get the occasional issue where an update stops something from working, so use with caution, and where necessary test. But generally the odd hiccup here and there is preferable to a skull and crossbones on your desktop on a chilly Monday morning!

Turn your staff into defence ninjas

Ransomware gangs don’t just strike at random. They often pick very specific targets. For instance they love the education and health sectors because of all that highly sensitive, GDPR-relevant data. So when they write phishing emails they are really targeted too. By which I mean they are really really good (in a bad way!). And they love phishing emails because that’s one way they drop initial attacks onto your network.

The good news is that they generally give the game away. They normally try to trick staff into clicking a link, or opening an attachment or something similar. So with good training your staff will notice they are being tricked. And even better, when they notice they can tell other staff so they are on the lookout too.

So give your staff regular ransomware awareness training, and together they can become the vital first line of defence.

Kerpow!

I hope that you have found this Insight useful. If you would like to know anything else about how to protect against ransomware please do feel free to get in contact.
