The Ultimate Cyber Nasty: Ransomware. How to Avoid it and What to do if you Fall Victim
Today, we’re looking at perhaps the biggest bully in the cyber world: Ransomware.
This bad boy is a type of malicious software designed to block access to systems, accounts or even entire networks, often alongside a threat to leak sensitive information.
This is all in an effort to get the victim to pay a ransom - usually in cryptocurrency.
It is one of the most prevalent and damaging types of cyber threats today and one you want to swerve at all costs. Pardon the pun.
Understanding Ransomware & What it Looks Like Today
While ransomware has been around for years, it has graduated from screen-locking programs to sophisticated criminal enterprises. Ransomware groups can operate like legitimate businesses with customer service portals, negotiation teams and even corporate-like ‘money back guarantees’.
In order to be successful, their strategies often involve ‘technical’ means such as persistent hacking methods and/or attacks that target newly discovered security holes.
However, a common thread is the use of social engineering, a technique used to manipulate people into giving access.
Common Attack Vectors
Phishing emails with malicious attachments or links. These emails appear to be from trusted sources and can be disturbingly convincing in their effort to get you to click on a link or download an attachment
Remote Desktop Protocol (RDP) exploitation. Ever given the IT gal access to your desktop whilst she’s sat at her desk elsewhere? That’s RDP and a tool hackers love
Software vulnerabilities and outdated systems
‘Drive-by’ downloads from compromised websites. This is when malicious software is downloaded to your device without your knowledge whilst you innocently visit a compromised website
Supply chain attacks targeting managed service providers
What’s the Impact on Organisations?
The consequences of ransomware usually extend far beyond the ransom demand. Businesses, content creators and organisations can face:
Operational downtime and lost productivity
Reputational damage and loss of customer or follower trust
Legal and regulatory compliance issues
Data recovery and system restoration costs
Potential loss of intellectual property
A humongous amount of stress and anxiety to those involved
The Three Keys to Protecting your Business or Platform Against Ransomware
To protect against this particular cyber-nasty, it's important to maintain good cybersecurity practices. Here are the three I would focus on first:
1. Regular Backups
How nice (and badass) would it be to give a hacker a virtual middle finger, safe in the knowledge you had your files saved elsewhere?
Maintain frequent, tested backups, and you can do just that. Follow the 3-2-1 backup rule: three copies of data, on two different media types, with one copy stored offsite.
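To make the rule checkable rather than aspirational, here is an added example (not from the original article) that audits a backup inventory against 3-2-1 plus the "frequent, tested" requirement. The inventory entries, the field names and the 1-day and 90-day limits are assumptions chosen for illustration, and the working copy counts as one of the three copies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                 # e.g. "internal-disk", "external-hdd", "cloud"
    offsite: bool              # kept away from the primary location?
    last_backup: datetime
    last_restore_test: Optional[datetime] = None  # None = never test-restored

def audit_321(copies, now, max_age_days=1, max_test_age_days=90):
    """Return a list of findings; an empty list means the inventory passes.
    Both age limits are assumed defaults, not figures from the article."""
    findings = []
    max_age = timedelta(days=max_age_days)
    # A stale copy cannot restore recent work, so only fresh copies count.
    fresh = [c for c in copies if now - c.last_backup <= max_age]
    for c in copies:
        if now - c.last_backup > max_age:
            findings.append(f"{c.name}: last backup is over {max_age_days} day(s) old")
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} fresh copies, need 3")
    if len({c.media for c in fresh}) < 2:
        findings.append("fresh copies all sit on one media type, need 2")
    if not any(c.offsite for c in fresh):
        findings.append("no fresh copy is stored offsite")
    # "Tested" means a restore was actually attempted recently.
    limit = timedelta(days=max_test_age_days)
    if not any(c.last_restore_test and now - c.last_restore_test <= limit
               for c in fresh):
        findings.append("no fresh copy has a recent restore test")
    return findings

# Constructed sample inventories (not real data).
NOW = datetime(2025, 1, 15, 9, 0)
GOOD = [
    Copy("laptop (working copy)", "internal-disk", False, NOW),
    Copy("external drive", "external-hdd", False, NOW - timedelta(hours=6)),
    Copy("cloud backup", "cloud", True, NOW - timedelta(hours=12),
         NOW - timedelta(days=30)),
]
WEAK = [
    Copy("laptop (working copy)", "internal-disk", False, NOW),
    Copy("second folder on laptop", "internal-disk", False, NOW - timedelta(hours=2)),
    Copy("external drive", "external-hdd", False, NOW - timedelta(days=40)),
]

if __name__ == "__main__":
    for finding in audit_321(WEAK, NOW):
        print("FAIL:", finding)
```

The second inventory looks like three copies on paper, yet it fails every check: two copies share the laptop's disk, the external drive is 40 days stale, nothing is offsite and no restore has ever been tested.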
2. Security Awareness Training
The best protection is awareness. Educate yourself and your team about phishing, social engineering, and safe browsing practices. A positive security culture, regular training sessions and simulated phishing exercises can significantly reduce the risk of attacks.
3. Technical Controls
Get your bases covered by establishing some solid security measures:
Multi-factor authentication (MFA) to access all accounts and systems
Network segmentation - If you have a team, this is especially important. It involves dividing a network into smaller, isolated segments to essentially ‘stop the spread’
Regular patch management
Email filtering
Endpoint detection and response (EDR) tools. These continuously monitor and collect data from endpoints (like computers and servers) to detect, investigate, and respond to cyber threats in real-time.
Be Prepared with Incident Response Planning
Having a document or plan in place should disaster strike is something your future self will thank you for. It should plan for a range of scenarios, but ransomware is key.
Though it sounds intense, it can simply entail the following:
Clear roles and responsibilities
Communication protocols
Decision-making frameworks for ransom payment
Recovery procedures
Legal and regulatory compliance steps
When stress levels are high in the moment, such a tool can ground you and your team, allowing for better decision making.
The Ransom Payment Dilemma & What to Do Instead
The decision to pay a ransom is complex and controversial. While paying might seem like the quickest and easiest out, it carries several risks:
There’s sadly no guarantee of data recovery
It encourages further criminal activity against others
Paying can identify you as a future target for the same perpetrators or others. Scammers are known to share lists of victims vulnerable to phishing and/or social engineering.
Instead, contact local authorities and consider seeking advice from a professional cybersecurity firm - both to mitigate the damage and potentially recover your data.
These solutions aren’t always accessible or smooth, so prevention really is key.
Start small and start today with little tweaks to your business setup that ensure tighter security and greater resilience. Get started by signing up to one of our excellent, tailored programs below, subscribing to the newsletter in the footer or following us on Instagram.
Protect Your Business with The Key: A Free 5 Day Program
Protect your business from cyber threats, privacy breaches, and reputational damage with The Key - a 5-day program designed for small business owners.
In under 30 minutes per day, you'll implement essential security measures to strengthen your defences, professionalise your brand and build resilience into your business. This program guides you on how to lock down your devices, protect client data, and establish robust recovery practices.
What’s included?
Actionable steps to clean your devices, build privacy into your workflow and secure your platforms
Recommendations for carefully selected affordable tools (non-affiliated)
Free bonus resources to help you grow your business - uninterrupted
Sign up to start looking after yourself and your business today.
Protect Your Platform: A Free 5-Day Program for Content Creators
Take control of the security, longevity and professionalism of your brand with Protect Your Platform (PYP) - a focused 5-day program designed specifically for content creators and influencers.
In under 30 minutes per day, you'll implement the essential measures to protect against cyber threats, safeguard your private data, and build a more resilient brand.
What’s included?
Actionable steps to clean your devices, build privacy into your workflow and better secure your platforms
Recommendations for carefully selected affordable tools (non-affiliated)
Free bonus resources to help you scale securely
Sign up below to start looking after yourself and your brand
Mission Secured: A Free 5-Day Program for Non-Profits
Strengthen your organisation against threats with Mission Secured - a tailored 5-day program designed specifically for charities and non-profits.
In under 30 minutes per day, you'll implement essential security measures to protect sensitive information, strengthen your defences, and build lasting resilience.
What’s included?
Straightforward, actionable steps to implement privacy measures, protect your accounts and establish robust recovery practices.
Recommendations for carefully selected affordable tools (non-affiliated)
Free bonus resources to help you survive and thrive, without the sleepless nights
Sign up below to start today!