Security Threats: Malware and Ransomware

Malware refers to malicious software in the form of viruses, spyware, worms, and ransomware that is designed to disrupt, damage, or gain unauthorised access to sensitive data. With the blurring lines between personal and work systems since global lockdowns were enforced in March 2020, business face greater risks of malware infection from home networks. However, prevention can be as simple as having security controls in place.Ransomware attacks grew by 150% during the height of the COVID-19 pandemicRansomware is a dangerous and common type of malware that affects individuals and organisations.Ransomware attacks are rising and affecting businesses of all sizes, from small and medium-sized enterprises to large, multinational organisations. In the first half of 2020, the OAIC saw more than 150% increase in reported data breaches (from 13 to 33) attributed to ransomware attacks compared to the previous six months.

How ransomware works

There are various ways to launch ransomware attacks. The most common method is through a phishing email which contains a malicious file that, when opened or clicked, locks users out of their own systems. The attacker often demands something, such as money or information, in exchange for the key to decrypt them. Some of these attacks result in the exfiltration of data and sensitive information.Ransomware can be installed on a system through other ways such as a fraudulent software download or by visiting a malicious webpage. When a company is attacked by ransomware, they lose access to their own systems making it difficult to understand the extent of the data breach.

Who is vulnerable to ransomware attacks?

Ransomware attacks are not limited to large organisations. With the increasing rate of cyberattacks, businesses that hold sensitive information about their employees and customers, and do not have proper security controls nor follow best security practice are vulnerable to ransomware attacks. This includes accounting firms that maintain their clients’ tax records, law firms that hold sensitive information on court proceedings, and financial services firms that store their clients’ confidential financial data

10 tips to protect your business from malware or ransomware

1. Keep your software and operating systems updated.
2. Ensure that a comprehensive backup strategy is implemented and followed.
3. Download from only trusted websites.
4. Do not open untrusted email attachments.
5. Use VPN when accessing public Wi-Fi.
6. Do not use unfamiliar USBs or external hard drives.
7. Use ransomware monitoring, detection and recovery tools.
8. Whitelist authorised applications and block unauthorised ones to run in your business’ endpoints.
9. Implement controlson administrative privileges as part of your defined identity and access management framework.
10. Implement education programs to increase security awareness of employees.

Security solutions to combat ransomware attacks?

Cyber attackers combine different methods to compromise an organisation’s environment to gain unauthorised access to critical assets. Therefore, businesses should seek advanced solutions that defend their environment against sophisticated security threats.By implementing Microsoft Defender solutions paired with Byte’s Secure Workplace Solution and Secure Managed Services, we can help you to protect, detect, analyse and respond to security risks and threats.Talk to us to find out how to protect your business from all forms of malware and ransomware.