October 23, 2017

Don’t let your business data be held to ransom

Threats like the recent global WannaCry and Petya ransomware attacks are a good reminder of why it’s important to ensure your business data is safe, by confirming your computer’s security updates and patches are up to date, and backing up your business data regularly.

Ransomware is currently one of the most significant security threats to small businesses in Australia.

Andrew Dell, Chief Information Security Officer for NAB, suggests simple steps you can take to avoid your data being held to ransom by cybercriminals.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts (or locks) the files on a computer, making them inaccessible. Once the malware has been downloaded onto the victim’s computer, the victim receives a message on their screen from the criminal (the ransom note), advising them that their files have been locked and demanding money in return for unlocking them. Cybercriminals usually demand that victims pay the ransom in virtual currencies, such as Bitcoin, which are difficult for law enforcement to trace. Ransomware attacks are just like any other extortion attempt, and police advise that businesses should not comply with the criminals’ request for money.

In 2016, the Australian Competition and Consumer Commission (ACCC) received more than 6200 reports of ransomware (up 29% from the previous year) with small businesses and consumers reporting losses of nearly a million dollars as a result. This figure likely represents only a fraction of the total victims of ransomware, as not all victims are willing to report the crime.

“Criminal gangs used to spread this malicious software exclusively via convincing spam emails to extort payment from the victim. However, that’s not the case anymore, as we saw with the WannaCry and Petya ransomware,” says Dell. “In those cases the criminals took advantage of a vulnerability (security gap) in Microsoft’s operating system and infected over 300,000 computers across the globe. This means that the victims didn’t have to do anything to be infected. However, those people who had their operating system, software and anti-virus up to date with the latest patches would have been safe from these 2 particular variants.”

“Criminals will still use fake emails to infect victims. They use email for the same reason business does. It’s cheap and reaches a wide audience.” Dell gives the example of a common type of campaign that appears to be an email invoice from a utilities company (an energy or telco provider). The fake invoice directs the recipient to click on a link and download a file to view their bill. By downloading and opening the file, the recipient installs the ransomware onto their computer.

The value of your data

Information is the real DNA of every small business and needs to be protected from cybercriminals, says Dell. “To get a real understanding of the value of your information, think about what would happen to your business if one of the following scenarios occurred – your computer systems were unavailable for a week; you lost all the data stored on all the computers in your company; or your biggest competitor was able to obtain a list of your customers along with sales figures and sales notes. The impact to your business, and your reputation, would be overwhelming.”

Steps to protect your business from ransomware

Ransomware threats are a reminder of why it’s so important to think about your security controls and to back up your business data regularly.

To keep yourself safe from the majority of threats, be wary of unexpected, threatening or poorly written emails, and train your employees to be vigilant. Make sure your operating system, anti-virus and applications are always up to date. “Check the security settings on your computer’s operating system and software applications to confirm that they are set to automatically update and install new patches,” says Dell. Each operating system is slightly different, so if you are unsure, check the Microsoft or Apple websites for information.

Anti-virus software protects your computer from known threats, but cybercriminals are always striving to stay one step ahead, so keeping the virus definitions current helps it keep pace with new attacks. It is important to have fully functioning anti-virus running at all times to ensure you are protected to the highest level possible. While trial anti-virus software is free, it only receives updates during the trial period. Check your software to confirm that its licence is valid and that it is set to automatically update, scan and flag suspicious activity.

Back-up your data

Backing up your business data is a good habit to have, and in the unfortunate event that you do fall victim to a ransomware attack, you will need to rely on these back-ups to restore your valuable data.

“Backing up data means making a copy on another device,” says Dell. “For example, you might save your important files onto a second removable hard drive or USB drive. It is best practice to back up your data on two different devices.”

There are two basic kinds of back-ups: a full back-up and an incremental back-up.

A full back-up makes a complete copy of the selected data onto another device. This can be achieved via a dedicated back-up program, or by manually copying files to the back-up device. An incremental back-up saves only the data that has been added or changed since the last full back-up.

“A full back-up, augmented by incremental back-up, is quicker and uses less storage space,” says Dell. “You might consider a policy of running a full back-up on a weekly basis, followed by daily incremental back-up.”

Remember to disconnect the back-up device (e.g. external hard drive or USB) from the computer when you’re finished, advises Dell, as “attackers are known to encrypt or delete back-ups connected to the computer or network”.

It’s important to test your back-up frequently by restoring data to a test location. This helps ensure the back-up device and backed-up data are in good shape, identifies any problems in the restoration process, and provides a level of confidence that your back-up will work during an actual crisis.
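The back-up routine described above (a weekly full copy, daily incremental copies of whatever changed since it, and a restore to a test location that is checked before you ever need it) can be scripted. The following is an added example, not NAB’s code or Dell’s: it assumes the back-up device is simply a second directory, that every back-up writes a manifest.json of relative path to SHA-256 hash so a restore can be verified by content rather than by file count, and it builds a constructed business folder in a temporary directory so it runs offline.

```python
"""Full + incremental back-up with a verified test restore (added example)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Content hash used both to spot changed files and to verify a restore."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(src: Path) -> dict:
    """Map every file under src: relative path -> sha256."""
    return {str(p.relative_to(src)): sha256_of(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def copy_subset(src: Path, dest: Path, rel_paths) -> dict:
    """Copy the named files into dest/data and write a manifest beside them."""
    (dest / "data").mkdir(parents=True, exist_ok=True)
    manifest = {}
    for rel in rel_paths:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
        manifest[rel] = sha256_of(target)  # hash the copy, not the source
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def full_backup(src: Path, dest: Path) -> dict:
    """Complete copy of everything under src (the weekly full back-up)."""
    return copy_subset(src, dest, scan(src).keys())


def incremental_backup(src: Path, full_dest: Path, dest: Path) -> dict:
    """Copy only files added or changed since the last full back-up, as the
    article defines 'incremental': compare live hashes with the full manifest."""
    baseline = json.loads((full_dest / "manifest.json").read_text())
    changed = [rel for rel, digest in scan(src).items()
               if baseline.get(rel) != digest]
    return copy_subset(src, dest, changed)


def restore(full_dest: Path, incrementals, target: Path) -> None:
    """Apply the full back-up, then each incremental in date order, to a
    *test* location; the live data is never overwritten during a test."""
    shutil.copytree(full_dest / "data", target, dirs_exist_ok=True)
    for inc in incrementals:
        shutil.copytree(inc / "data", target, dirs_exist_ok=True)


def verify_restore(expected: dict, target: Path) -> list:
    """Relative paths whose restored content is missing or does not match."""
    return [rel for rel, digest in expected.items()
            if not (target / rel).is_file() or sha256_of(target / rel) != digest]


def demo() -> dict:
    """Constructed end-to-end run: full back-up, one day of changes,
    incremental back-up, test restore, verification."""
    root = Path(tempfile.mkdtemp())
    src = root / "business"                      # constructed live data
    (src / "invoices").mkdir(parents=True)
    (src / "invoices" / "jan.txt").write_text("invoice 1")
    (src / "customers.csv").write_text("acme,123")
    full_dir = root / "backup_full"
    full = full_backup(src, full_dir)
    # Next day: one file changed, one added, one untouched.
    (src / "customers.csv").write_text("acme,123\nbeta,456")
    (src / "invoices" / "feb.txt").write_text("invoice 2")
    inc_dir = root / "backup_incr_day2"
    inc = incremental_backup(src, full_dir, inc_dir)
    expected = scan(src)                         # what live data looks like now
    test_restore = root / "restore_test"
    restore(full_dir, [inc_dir], test_restore)
    mismatches = verify_restore(expected, test_restore)
    shutil.rmtree(root)
    return {"full_files": len(full), "incremental_files": len(inc),
            "mismatches": mismatches}


if __name__ == "__main__":
    print(demo())
```

Because incremental copies are compared against the full back-up’s manifest rather than against yesterday’s incremental, a restore only ever needs the full copy plus the most recent incremental, which keeps the test restore simple; the verification step is what turns "the back-up ran" into "the back-up can actually bring the data back".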

It’s also good business practice to have an incident management plan that has key contacts, processes and business continuity plans in case you do have an issue. “This will reduce the time to get back on line, and importantly the stress of recovering your business data so that you aren’t trying to work out what to do when your system is down.”

The Australian Cyber Security Centre (ACSC) recommends that businesses impacted by ransomware:

  • isolate the infected computer from the network to prevent the software spreading, and use back-up data to restore information
  • immediately update their Windows operating system with the latest security patches – there are instructions on the ACSC website on how to do this
  • visit the ACSC website at https://www.acsc.gov.au/ for more information, or call 1300 292371 (1300 CYBER1) if you have been infected

Top tips for securing your business

Dell advises that there are some simple precautions you can take to help protect yourself from ransomware.

Exercise extreme caution with emails that:

  • you’re not expecting
  • come from an unknown sender or an unusual address
  • contain attachments

It is always good practice to:

  • confirm patches and updates are applied
  • avoid providing banking details in response to unsolicited emails or phone calls
  • never use unsecured Wi-Fi networks for online banking
  • never use third-party or untrusted app stores to download apps
  • not share too much personal information on social media

For further information

Managing the threat of a cyber attack is a vital part of running any business in this new digital age. If you are looking for more information about how to protect your business from such threats, visit nab.com.au/security.

For easy-to-understand computer security advice for home users and SME businesses, visit staysmartonline.gov.au

To see the latest scams, or to report a scam, visit scamwatch.gov.au

The Australian Cybercrime Online Reporting Network (ACORN) is a secure reporting and referral service for cybercrime and online incidents that may be in breach of Australian law. Certain reports will be directed to Australian law enforcement and government agencies for further investigation. report.acorn.gov.au