The Police Service of Northern Ireland (PSNI) Cyber Crime Centre has been alerted to two local ransomware attacks both of which have resulted in a significant impact on the organisations involved.
Ransomware example transcription (text/plain 1 KB)
Those behind ransomware attacks have become increasingly selective about who they target. Multinationals such as Travelex or public sector bodies such as Redcar & Cleveland Council are often in our headlines and incidents increasingly involve the combined threat to leave data encrypted or to release data stolen before the attack unless payment is made.
The experience in Northern Ireland, as elsewhere across the UK, shows that quite often it is SMEs based in local manufacturing or the service sector who can find themselves falling victim to ransomware and attackers do not avoid small family firms or charities.
As reflected in the experience of many local cybersecurity providers, the NCSC and law enforcement, there is no way to completely protect your organisation against this type of attack, but with defence-in-depth and crucially the right backups, it is possible to increase the chances your organisation will avoid, detect or successfully recover from the impact a ransomware attack.
Tips to avoid and recover from ransomware attacks
Tip 1 – Make Regular Backups
The key action to take to mitigate ransomware. Make regular backups, keep at least one copy offline and do not rely on a single cloud syncing service. Test your backups!
Tip 2 – Prevent malware being delivered to devices
Use email filtering & software tools to reduce the impact of phishing emails and ensure services such as remote access are secured against brute force attack. Authenticate using 2FA / MFA!
Tip 3 – Prevent malware from running on devices
Ensure end user devices are correctly configured, use the latest OS versions and keep software up to date. Protect against malicious Microsoft Office macros. Promote staff awareness!
Tip 4 – Limit the impact and enable rapid response
Segregate obsolete platforms, regularly review permissions and limit the use of administrative accounts. Use 2FA to protect against compromised accounts!
Tip 5 – Report Suspicious Emails
If you receive a suspicious email that you are concerned about we strongly advise not to click on any links it contains but report it to the NCSC Suspicious Email Reporting Service or by emailing firstname.lastname@example.org
Mitigating malware and ransomware attacks - How to defend organisations against malware or ransomware attacks