Fighting Ransomware

Adopting best practice measures set out in security frameworks, like Cyber Essentials, can reduce the chance of ransomware impacting your business by up to 86%. These security measures help identify any gaps in your cyber defences so you can fix them before being infected with ransomware or other viruses.

Ransomware past, present and future.

  • The first documented ransomware was in 1989.
  • Estimates believe 56% of organisations were targeted in 2020
  • Predictions indicate a growing focus on small businesses that run outdated security software.


Four key steps to reduce the chances of a ransomware infection

Experts, guided by the security standards, recommend a range of controls including regular back-ups and user training (Have end-users avoid clicking on links in emails or opening email attachments from strangers).

1) Maintain an up-to-date, accurate inventory

You can only secure what you can see. Once you know the inventory, you can decide on the appropriate security controls. Inventory tracking without Rebasoft can be tricky as traditional IT asset management systems get out of date very quickly. This means they cannot be trusted with your cyber security. Rebasoft also finds that many asset management systems miss devices as they use infrequent scans or require agents to be installed. It only takes one missed device to allow ransomware in.

2) Ensure you have Anti-Virus/Anti-malware controls on appropriate systems

Ensure you have up-to-date anti-malware controls on PCs and servers in your live inventory. The longer up-to-date controls are missing, the larger the window for infection. Rebasoft very often discovers missed devices, either due to errors in installing software agents or, simply, IT teams not knowing they exist.

3) Ensure each system’s default settings are changed to reduce the likelihood of being infected

Ransomware exploits loopholes and misconfiguration. A user with the wrong permissions can install software from a USB or download site that could contain Ransomware. If these default settings are secured, even if a user clicks on a download link, it is less likely to install.

4) Segment and monitor the network for suspicious activity

If ransomware does get in and infect a “ground-zero” system, it is vital that it is stopped from spreading. Rebasoft traffic monitoring and Network Access Control functions can quickly remove an infected system from the network and quarantine or block communications to prevent spread.

Should you pay the ransom?

Most law enforcement agencies recommend not paying ransomware attackers, citing that it will only invite hackers to commit more ransomware attacks. This is often easier said than done as attackers set the price point so it is worth their time but low enough that it will be cheaper for the targeted organisation to pay the attackers off rather than restore the data.