Drummond Laurie Chartered Accountants

Whilst fraud is one of the risks associated with emails, the recent outbreaks of the WannaCry ransomware virus and its derivatives are a reminder of another, potentially more damaging one. The primary route for the spread of such viruses is usually an email attachment, which infects your system with the virus when opened or viewed. As the number of such outbreaks will only increase, we thought it would be useful to give a brief reminder on how to reduce the damage they could cause to your business.

In the case of ransomware, the virus encrypts the majority, if not all, of the files on the hard drives of the machines it infects, and demands that a ransom is paid to reveal the encryption key. Whilst there have been some reports that paying the ransom does work, it’s not guaranteed, and as the encryption is highly effective, the only really effective way of recovering from a ransomware attack is to restore from a clean backup and re-create any missing files.

Therefore an effective backup solution that covers all of your data and is tested regularly is a must, so if the worst does happen then at least you have something to fall back on.

Given the disruption that restoring from backup will normally entail, it’s better to not be infected in the first place, and therefore it’s very important to have procedures in place to try and eliminate or reduce the risks of infection.

Although some viruses can infect a computer via a network connection (including a connection to the internet), most systems have any connections to the internet or outside world fairly tightly locked down and this means that this method of infection is pretty rare.

It’s not impossible for your system to be infected this way though, and for this reason it’s important to pay attention to the settings on your router, modem or other device connecting your PC and network to the internet, and to apply any updates to its settings and software as recommended by the manufacturer.

It’s also vitally important to apply any updates to your computer’s operating system (i.e. Windows, macOS and even Linux, as it’s a common myth that Linux computers cannot get infected) on a regular and speedy basis. Ransomware viruses often make use of faults or holes in the operating system, and therefore can be completely prevented if the operating system is kept up to date.

For example, the WannaCry virus struck on 12th May 2017 but used a hole in Windows that had been patched on 14th March 2017, so the majority of systems infected had not applied a security patch that had been released nearly 2 months earlier. Keeping your computer up to date in this way means that even if a virus does get through your router or network connection, there is much less risk of it being able to infect your system.

As mentioned above, the primary method of infection tends to be via an email attachment which the recipient then runs, infecting a system from the inside and therefore bypassing any external security measures. If the affected machine doesn’t then have up to date anti-virus software, or the internal network is not properly secured, then such infections can very quickly infect most of the network, and especially NAS devices and other similar systems whose purpose is purely to store files and that therefore don’t always have anti-virus etc. running on them.

It’s therefore vitally important to be aware not to open attachments from any unknown emails, and to exercise caution even when opening ones that appear to be from someone you know and trust, especially as their system could have been infected without their knowledge. If you aren’t 100% sure then DO NOT open the attachment.

To summarise

Backup regularly, keep your systems (including routers and firewalls) up to date, and don’t open suspicious or unexpected attachments.

The above, however, is only a summary of what’s involved, and therefore to ensure you are adequately protected, please speak to your IT support company or other IT adviser for more detailed advice.

For any general queries, please email ross.nicol@drummondlaurie.co.uk