There has recently been a flurry of media attention focused on high-profile ransomware attacks against big companies and organisations such as Bose, the Irish health service, the Colonial Oil Pipeline in the US and global insurance company AXA, which all happened in a short space of time between March and May of this year.

Reporting on these large-scale attacks could lead you to believe that ransomware is a problem only for the largest of organisations, but as an internet service provider for businesses ranging in size from micro to large enterprise, we’re aware that these kinds of attack are currently affecting businesses of all sizes.

Whether you’re a small business or large, there are simple steps you and your colleagues can take to avoid ransomware attacks and to mitigate against the potentially catastrophic effects should your network become infected.

What is ransomware?

Ransomware is a type of malware that infects your computer network, either locking up files and applications to stop you from accessing business critical data and systems, or stealing data that could cause reputational damage and fines if leaked. The only way, say the attackers, to regain access to your data is to pay a ransom – usually in the form of cryptocurrency.

Why would my business be targeted?

One of the reasons ransomware has become such a large problem is that the criminals who’ve developed it then sell the software on to others. Therefore, attackers don’t really need a lot of specialist knowledge to carry out a ransomware attack, they just need to cast the net wide and see who “bites”.

Your business may not be specifically targeted, but if you or a member of staff inadvertently downloads ransomware, you become the target by default.

Faced with major disruption or even inability to operate, reputational ruin and the potentially huge fines that can come with a data breach, many organisations quietly pay the ransom. This is one of the reasons why there’s less media focus on smaller businesses falling victim to ransomware – it’s simply not discussed.

Can’t I just pay the ransom and carry on?

Law enforcement agencies advise against paying a ransom to retrieve your data, in fact they are considering making it illegal to do so. This is for a number of reasons, outlined below.

1. There’s no guarantee you’ll get your data back. Some “ransomware” attacks really just wipe your data, and whoever you pay the money to will disappear without returning your files.
2. You’re funding further crime. Paying a ransom is likely to fund further cyber attacks or other forms of crime.
3. Your card is marked. By paying the ransom, you’re flagging your business up as being not only vulnerable to attack, but also ill-prepared to retrieve or replace stolen data. This could lead to further, similar attacks.

How to prevent ransomware attacks?

Ransomware can be spread by various means, here are some of the most common scenarios and how you can mitigate against them to prevent ransomware attacks.

  Email attachments

You receive an email with an attachment, and when you open it ransomware is able to run through your computer and likely spread to others on the network, too.

How to help prevent this:

• Don’t open attachments from unknown senders.
• Even if you think you know them, check the sender’s email address as it could be a convincing spoof.
• If an attachment asks you to enable macros in order to run, don’t allow it to. You can disable the use of macros in Office applications by following our guide.

  Other downloads

You may think you’re downloading legitimate software but there’s something nasty hidden in it.

How to help prevent this:

• Make sure company policy only allows downloads from trusted sources, and that only administrators can install new programs.
• Don’t use pirated software, and if a deal seems too good to be true, it probably is!

  Malicious links

Often spread through phishing emails, malicious links can lead to a web address that automatically downloads ransomware.

How to help prevent this:

• Follow our guidance on avoiding phishing scams.
• Don’t click any link you weren’t expecting to receive.
• Hover over links before clicking to see the full URL. Does it look as you’d expect?

  Remote desktop protocol

Increasingly popular as more people work from home, remote desktop users can be exploited by cybercriminals that scan the internet for exposed RDP ports.

How to help prevent this:

• Use strong passwords to connect to RDP.
• Enable 2FA/MFA.
• Use a VPN.
• IT teams may wish to change the default port number for RDP.

  Exploiting unpatched vulnerabilities

If your computer software contains vulnerabilities, these can be exploited to give ransomware a “backdoor” into your systems.

How to help prevent this:

• Install updates to your operating system and applications as soon as they become available.

  USB sticks and other portable storage

USB storage devices can hold malware files that download and install to your computer and work their way through the network.

How to help prevent this:

• Don’t plug “unverified” storage devices into your computer, ie one that you found lying around somewhere or that was given to you by someone you don’t know well.
• Don’t allow others’ access to your PC (besides your established IT support provider).
• IT teams may wish to disable USB ports.

Further guidance from the National Cyber Security Centre is available to help IT professionals mitigate against ransomware.

Backups are key

While of course the ideal situation would be to avoid a ransomware attack in the first place, if your business were to fall victim to an infection the best course of action is to disconnect affected devices from the network as quickly as possible (If you’re unsure how to do this, unplugging the power or completely powering down will do the job) to prevent the malware from spreading further, completely wipe your systems and start afresh from an up-to-date backup (which you’re certain was made before the ransomware infection happened). This removes the need to pay a ransom.

Having to restore from backups is inconvenient, but it’s nothing compared to the expense and stress of either paying up or trying to reverse the damage done.

You can find our extended guidance on the best way to secure business data backups here, but here are the key points to bear in mind when you’re deciding a backup strategy.

• Anything that’s integral to the day to day running of your business should be saved in multiple locations to ensure a swift recovery if necessary. This may mean backing up to an external hard drive and removing it from the premises, backing up to a server in a colocation facility, using a private or public cloud service, or a combination of these.

• Backing up to the cloud is a convenient option for small businesses and means data can be accessed quickly from almost anywhere, but do your due diligence to make sure you know where data is held and that it is secure.
• Consider how your data travels between the business and its backup location. You’ll need connectivity that’s secure, reliable and resilient.

By having in place training and measures that help employees avoid inadvertently allowing ransomware to breach your systems, and implementing a solid backup strategy, you’re well positioned to evade the increasing threat of ransomware attacks.

Read next: CEO fraud: what is it, and how to protect your business.