To say ransomware and cyber attacks are hot topics of discussion right now is an understatement! With the WannaCry attack of May 2017 that is reported to have infected more than 230,000 computers in 150 countries in one day and, more recently, the (Not)Petya attack which crippled more than 80 companies across Russia and the Ukraine – everyone needs to be aware and informed at all levels of every business.

Here are our top 10 areas for consideration if your business is under attack:

  1. ISOLATE
    • Lock down network drives
    • Disconnect infected computer from the network
    • Analyse and check file servers
  2. SOURCE
    • Which user/computer is the source of the infection?
    • Understand how the infection started
  3. FILE NAMES
    • Identify any encrypted file names
    • Are there any README.txt files?
    • Understand how far the infection has spread
  4. TRACE STEPS
    • What were users doing prior to attack?
    • Did they click on any suspicious links in email?
    • Were they on a website?
    • Did they open any documents?
  5. NOTIFY
    • Make everyone in the business aware
  6. PAYMENT or NOT
    • It is recommended by the Government not to pay the ransom
    • This is based on a company decision – how valuable is the data that has been lost?
  7. DATA
    • Restoring lost data depends on how good the backup/DR plan is
    • Restore from backup
    • Consider using a decryption tool
  8. TYPE
    • Identify what type of ransomware it is by using a decryption tool
  9. RESET & RESTORE
    • Reset the infected computers to factory settings
    • Restore data from backup
  10. PREVENTION
    • Ensure your business has robust DR & backup plan
    • Educate users on cyber security and what to look out for
    • Invest in layered security measures

Here are some key questions that businesses should be addressing:

  1. Do you train employees and have a procedure in place for reporting suspicious activity?
  2. Is AV installed on all endpoints?
  3. Do employees have separate logins?
  4. How is access to networks controlled, internally and externally?
  5. Is there anti-malware protection installed?
  6. How do you manage patches and software updates?
  7. What is your DR & Backup procedure?
  8. Have you tested your DR & Backup procedure?
  9. Do you have at least 3 copies of your data? Is one kept offsite?
  10. Has a risk assessment been carried out? What data is most important to you? What does downtime cost your company?

We have a team of security experts ready to answer any questions and give advice regarding IT security – contact Orion today to find out about our Security Health checks. +44(0)1756 633 882 sales@orionms.co.uk