The National Cyber Security Centre - part of intelligence agency GCHQ - started work in October 2016 with a £1.9bn five-year vision to make the UK the safest place to live and do business online.
Although this will undoubtedly improve the underlying security of the UK Internet, NCSC chief Ciaran Martin stated: "Government cannot protect business and the general public from the risks of cyber-attack on its own. It has to be a team effort from the public and private sectors. It is only in this way that we can stay one step ahead of the scale and pace of the threat that we face."
One of these threats is the Cryptolocker Ransomware virus, an increasingly prevalent exploit that is used by criminals to encrypt data on a computer or network to extort money for restoring access. The encryption used in these attacks is nigh-on impossible to crack, and when faced with this scenario you know you're in for a bad day... unless you have a robust backup solution to restore your data from.
What can you do to reduce your risks from ransomware?
As a first step, conduct a risk assessment so you know what types of systems and data are most likely to be impacted by ransomware, and establish a plan to mitigate or remediate those identified risks. Update the risk assessment each time you make changes to your systems, add programs, etc.
For an organisation like the NHS, Clunk Click Hot State DR would have been most suitable. When struck with the WannaCry virus, they could’ve quickly transferred to the VM, causing minimum operational disruption and downtime whilst they removed the virus from their system. After removal they could’ve either kept working from the VM or moved all data back down to their physical servers.
What kinds of things should you include in your plan?
- Develop, AND TEST, a data backup and recovery plan for all critical information. Network-connected backups can also be affected by ransomware, so critical backups should be isolated from the network for optimum protection.
- Use application “whitelisting”, which allows only selected programs to run while blocking all others.
- Patch, patch, patch! Vulnerable applications and operating systems are the target of most attacks.
- Maintain up-to-date anti-virus software and scan all software.
- Limit the ability of your users to install or run unapproved programs.
- Limit access to systems that contain sensitive data to those who need to have it.
- Educate your staff - even with the best systems in place, human error is still a factor. Making your staff aware of phishing exploits that can come via email, downloads, websites and even over the phone will mitigate risks that can occur on even the most secure networks.
You also should include procedures for dealing with ransomware in your incident response plans, including processes to:
- Detect and conduct an initial analysis of the ransomware
- Contain the ransomware
- Remediate the issue. For example, if the malware was brought in via a download of software, uninstall that software and discontinue use until the developer has produced a patch for the issue
- Recover from the ransomware attack by restoring data lost during the attack and returning to “business as usual” operations
What solutions would we recommend?
For comprehensive protection from cyber threats we'd recommend a three-pronged product set - offsite data backup, antivirus protection and business grade routers with a secure firewall.
Listed below is a quick overview of the three products we recommend to secure your business:
Clunk Click Online Pro
The Risc IT Solutions data backup portfolio delivers next generation intelligent data backup and recovery to protect your critical data in a simple unified solution. You can back up critical data from workstations and servers across physical and virtual platforms to UK-based secure off-site or local datacentres, while giving backup administrators full control of all processes.
Your data is encrypted at source, in transit and at rest in our data centres using your choice of 128-bit AES, 256-bit AES or 448-bit Blowfish. Only you have access to the encryption key, so unlike other online backup services, only you can decrypt and recover your backup data.
ESET Endpoint Antivirus
ESET's record in stopping in-the-wild viruses in VB100 tests is unmatched. It also has the lowest impact on system performance and memory usage among all leading antivirus solutions, which means unlike other platforms you don't have to wait for your antivirus scan to finish before your computer starts up.
Mako Network Management System
An award-winning business grade router and firewall with no moving parts for total security and reliability.
No buttons to press or switches to flip: all device functions are controlled through a powerful cloud-based portal that configures and manages each appliance.