Defending against Ransomware attacks and what to do if you’ve been affected

On Friday, a large-scale ransomware attack hit the headlines. Companies across the world were affected by malicious ransomware attacks to extort money from them, causing serious problems for the organisations affected to work and serve their customers.  The attack was not targeted, however some of the UK’s NHS trusts were severely affected. Here in the UK the focus for these attacks has centred on the NHS trusts.

Can these attacks be prevented?

By deploying  reliable perimeter defences, you can reduce the likelihood of malware  reaching your network’s computers and devices. It is also essential to make sure users are aware of the dangers of clicking on links from unknown senders, to reduce the risk posed by anything that makes it past the firewall and anti-virus software.

Can the damage be reversed?

Company data is key to modern business operations so it is essential that ‘Systems’ are ‘backed-up’.  In the event data is lost, it is crucial that the company has an appropriate back-up operation to minimise the loss and damage, systems can be restored to a non-infected state negating the need to pay the ransom demands.

MCSA, are a CESG and ISO27001 compliant company.  These measures are required to ensure that all critical and security patches are in place within 14 days of their release.

MCSA apply critical and security patches to endpoint devices typically on the day of release and weekly for core infrastructure.   MCSA also run daily vulnerability scans which highlight vulnerabilities with operating systems, applications and devices.  These too are typically remediated within the 14-day window.

In addition to the detection and remediation of vulnerabilities, MCSA also filter for malware beyond our perimeter, leveraging SaaS services for both email and Internet traffic and at our perimeter with firewall-embedded IPS & malware scanning and at the endpoint with anti-virus protection with definition files being automatically applied as soon as they are released by the vendor.

Finally, MCSA also have a 15-minute backup cycle for databases and 2-hour backup cycle for data with daily off-site tape backups as backup of last resort.

What can I do if my organisation has been affected?

Organisations are being told by authorities not to pay any ransom demanded by the ransomware. If you have been affected or are concerned that you might have been, please get in touch with us on 01628 810977 where an experienced member of our Technical team will be happy to discuss with you or alternative email us at info@mcsa.co.uk