Ransomware and what you should be doing

January 15, 2020
Travelex was forced to take its websites offline after discovering the cyber-attack on New Year’s Eve. It later emerged that the ransomware gang responsible, Sodinokibi, had demanded £4.6m and was threatening to release customers’ personal data - including dates of birth and payment card information - into the public domain unless the company paid up. —The Guardian

Company shuts down because of ransomware, leaves 300 without jobs just before holidays
Company tells employees to seek new employment after suspending all operations right before Christmas.— Znet.com

Travelex are just the most recent high profile victims but Ransomeware is a growing trend and everyone is vulnerable.

All it takes is someone clicking a link in a spam email or activating macros in a malicious document without having proper security software in place.

In a few seconds, all your data will be encrypted and you'll have just a few days to pay a ransom in bitcoin to get it back. And there's no guarantee you will.

Ransomware creators and other cyber criminals involved in the malware economy are remorseless. They’ve automated their attacks to the point of targeting anyone and everyone.

What everyone should be doing

On Your Computer

Backup, backup, backup. In at least 2 places: on an external hard drive and in the cloud Dropbox/Google Drive/etc.
Cloud Storage. Don't store important data on your computer's hard drive.
Don't keep your clouds storage 'open'.Only open Dropbox/Google Drive/OneDrive/etc once a day, to sync data, and close them once this is done.
Updates.Make sure youroperating system and the software you use is up to date, including the latest security updates.

Use a guest account. For daily use, don;t use an administrator account on your computer, rather use a guest account with limited privileges.
Turn of macros for Word, Excel, PowerPoint, etc.

In your browser

Plugins are bad. Remove Adobe Flash, Adobe Reader, Java and Silverlight from your browser. Set the browser to ask you if you want to activate these plugins only if essential. Remove any outdated plugins and add-ones.
Do a browser security check. Adjust your rowser’s security and privacy settings for increased protection.
Install an ad-blocker. Avoid the threat of potentially malicious ads.

Day to day behaviour

Never open spam emails or emails from unknown senders.
Never download attachments from spam emails or suspicious emails.
Never click links in spam emails or suspicious emails.

When it comes to Ransomware and Cyber Crime, have you done enough? Are you in a defensible position if it happens to you? Get in touch, we can help whether its auditing your systems, advising on security, training staff or just good advice.

If you are an SME based in Galway and would like an introductory Security Awareness Training session for your staff, please get in touch.

Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.

Find the value in Data Protection
The most valuable asset in your business is your people.
Next is your data.
Protecting your data makes good business sense.
Start Now