Ransomware attacks: Detect and protect

By Marketing

24 March 2020 5 min read


There has been a rise in the number of practices reporting ransomware attacks in recent months, so to raise awareness we have pulled together some information for you to help your team detect and protect against attacks.

What is ransomware?

Ransomware is a type of malware (malicious software) which criminals use to extort money, holding data to ransom using encryption or by locking users out of their device.

Ransomware can come under many different names, variations and guises however in general the two main forms of this malware are:

  • Crypto ransomware – Crypto ransomware encrypts valuable files on a computer so that the user cannot access them.
  • Locker ransomware – Rather than encrypting data, locker ransomware it locks the victim out of their device. Once locked out, cybercriminals will demand a ransom to unlock the device.

How to prevent ransomware attacks?

Never click on unverified links, untrusted emails or attachments 

Avoid clicking links in spam emails or unfamiliar websites. Malicious links which start a download when clicked are one of the most common ways your computer can be infected. Do not open an email from a sender you do not recognise or trust. Be sure to assess whether an email address or attachment looks genuine before opening. If you believe an email, download or website to be suspicious delete and close immediately. Lastly, never open attachments that ask you to enable macros, if the attachment is infected, opening it will run this malicious macro giving the malware control over your system, software or computer.

Never give out personal data to an untrusted source e.g. untrusted website, over the phone, text or email. 

Cybercriminals planning a ransomware attack may try to gain personal data in advance of an attack in order to target you or your practice specifically.

If you receive a call, text or email from an untrusted source asking for personal data, never give this out. Be wary of being contacted by an untrusted source which is trying to portray themselves as a supplier, company or business you trust. e.g. a bank, utilities company, governmental body. In such a case, ignore the request and contact the company independently to verify.

Most reputable websites will have markers of trust that you can recognise. Never give out personal data to an untrusted source or website. For example, in your search bar make sure the site you are visiting uses https instead of http. A shield or lock symbol may also show in the search bar to verify the site as secure. If you are downloading an app to your mobile device, ensure you are using a trusted platform such as App Store or Google Play Store.

Never use unfamiliar USBs 

As a rule, you should never insert any unknown or untrusted storage device into your computer. Cybercriminals may have infected the device with ransomware and left in a public space, office, business or your practice to lure you into using it.

Backup your data 

It is imperative that you ensure you have a disaster recovery plan in place that will allow recovery of your critical files. Backup and disaster recovery are generally only worried about once you have had a problem, by then it is too late.

Please review your existing backup solution to ensure that you have recent and successful backups of your system.  If you don’t, you are extremely vulnerable to complete system data loss should you be unfortunate to be hit by the ransomware. It is your responsibility to verify that you have working backups of your system.

Keep your software and systems updated 

To ensure the highest level of protection day to day, ensure you keep your software and systems updated frequently. Each update will introduce the latest security patches to protect your business against the latest known viruses and malware.

Use security software 

We always recommend that you use an antivirus product and ensure it is kept up to date. If you have any concerns over your virus protection or would like to discuss antivirus products we offer or recommend please contact our team at sales.apac@covetrus.com.

What to do if you experience an attack

In the event of a ransomware attack, we recommend taking the following steps to minimise the damage to your software and data.

  • Disconnect your computer: the very first thing we recommend is to disconnect your computer from the internet/wifi to stop the ransomware spreading.
  • Never pay the ransom: do not in any circumstance pay the ransom demanded by the cybercriminals. It is important to note that paying the ransom will not guarantee the return of your data. Paying out also encourages this sort of crime and potential further manipulation.
  • Start malware removal: following disconnecting your computer from the internet, call our support team immediately. Our team will help to confirm if you have been hit by a ransomware attack and explore options to help you recover the situation and more importantly, your computer, systems and data. Please note that the diagnosis and rectification in relation to ransomware is not included in standard technical support and is subject to additional charges.

How to raise awareness within your practice

Unfortunately, it is all too easy to fall victim to viruses and other malware on your computer and network but the more awareness your team have, the more preventable they become.

In recent months ransomware has been spreading more commonly via a hoax emails with a PDF-looking document attached. Therefore, it is imperative that you and your team only open email attachments from trusted sources and be extra vigilant about spotting email addresses that look suspicious. Take careful note of any communication claiming to be from your IT provider, asking you to download a tool to protect against malware or to remove a virus.

To raise awareness within your practice we recommend sharing this article with your team to help to ensure everyone knows:

  • what to look out for
  • what steps to take in the event of an attack
  • best practice to prevent ransomware and malware
  • where to go for help or further information