What is Ransomware and how can I protect myself against it?

You have probably heard of Ransomware by now, with several high-profile attacks in the news in the first half of 2017; many organisations worldwide, including our own NHS, have been hit by computer viruses which have crippled their operations by encrypting the files they use and preventing them from accessing their vital data.  There are many articles out there, of varying quality and detail ranging from the scaremongering and sensationalist, written by journalists with limited technical knowledge, to the complex and detailed, written by security experts and requiring a fair degree of technical knowledge to understand.

If you run a business, are worried about the stories you have heard in the news and are not an IT expert or a security expert, then this is for you:

What is Ransomware?

Ransomware is a computer virus that encrypts your files, preventing you from accessing them. It then demands a ransom, usually between £500 and £10,000, to unlock your files.

Is this a new thing?

No, Ransomware has been around for several years, but recently it has become more sophisticated, more widespread, and more dangerous. As a result, more and more people are becoming aware of it.

What is different about recent attacks; why have they had prominent news coverage?

The main reason these attacks are receiving increased news coverage is because attacks are increasing in scale, impact and profile. 

This is because the way this type of virus spreads has changed. Historically, Ransomware viruses have relied on downloads from infected websites, or malicious email attachments sent in spam email campaigns in order to spread from one PC to another, but have not had the ability to multiply themselves and spread across your network automatically.  “WannaCrypt”, the computer virus which affected the NHS, and the most recent “NotPetya” virus, are hybrid viruses consisting of Ransomware (the part which encrypts the files on your network, crippling your operation and demanding a ransom), and a more traditional “worm” (the part that allows it to multiply and spread across your network). This gives the virus the ability to multiply on its own, and spread from one computer to another without any human intervention. This is why the outbreak has been so large and so fast. 

Because of this ability to spread within an organisation, the impact on large businesses such as the NHS, power and utility companies and shipping firms, has increased and this has led to an increased news coverage and public awareness of Ransomware.

I run a small business, am I at risk?

Ransomware is a very real threat to computer security. So yes, in a word, we all are.  Comprehensive IT security is becoming almost mandatory for even the smallest businesses these days due to the increased threat from this type of cybercrime. Having someone in your business, or contracted to your business, who understands the field of IT security and can ensure the correct measures are being taken is vital. However, if you have computers running Windows 7, Windows 8, or Windows 10; and you make sure that they are regularly patched (Windows Updates); your risk is massively reduced.  If you are still running Windows 2000, Windows XP, or Windows Vista in your business you should definitely talk to your IT provider about getting them replaced.

What should I be doing about this threat?

Ideally, you should be undertaking an IT security audit, and looking to certify again one of the nationally or internationally recognised standards such as Cyber Essentials, IASME Gold or ISO27001. These standards provide a benchmark of security standards, which if applied, will provide you with a great baseline of protection.

In order to make some quick and valuable changes to your IT to protect yourself against this type of threat, without doing a full audit and security project, I have some “quick and dirty” tips.

  • Implement a decent password policy. Poor passwords (password123, P@ssw0rd!, etc.) make your systems easy picking for criminals.
  • Make sure you are patching your computers and third-party applications regularly, or employ an IT Managed Service Provider to do this for you.
  • Make sure you have business-grade virus protection. I use Sophos Endpoint Protection Advanced antivirus, and Sophos Intercept-X Ransomware protection; others will have their own preferred vendor. Just make sure it is centrally managed from a server or the cloud, will alert you if a threat is detected, is licenced for business use, and is regularly updated.
  • Make sure you have decent backups.  I use Datto Siris appliances to back up my servers and Intronis ECHO Platform for file and folder backup; others will have their own preferred solutions. Think about where the backups are stored, if your backups are in your office, could the virus hit them too? Think about how long it will take you to recover if you are hit by an attack like this?  If your backups are in the cloud, how long will it take to download your data if you need it fast, or will your backup vendor send it to you on a disk? If your business relies on servers, how long will it take to get your servers back up and running? 

What guidance is out there to help me?

In order to protect your business from the growing threat of cybercrime, including Ransomware virus infection; the government have produced a 10 step program which can be seen here: https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility/10-steps-summary

In addition, there are a number of certifications that you can get which will help you to implement IT security best practices. Cyber Essentials is a government-backed certification, which currently consists of 64 questions.  By working through each question with your IT consultant and making any necessary changes, you will ensure that you have a good baseline of IT security in your organisation. 

You may require additional security measures to be put in place if you work in healthcare, finance or other sensitive industries.

If you need any help with any of this, or have any questions; please drop an email to solutions@firststopit.co.uk and I will be happy to help you.


Tai Daly 
Solutions Director
Sophos Certified Architect UTM 9.2

Phone: +44 (0) 1279 400351
E-mail:  taid@firststopit.co.uk 

Delivering Business Success with Innovation and Service through the Intelligent Application of Technology