Don’t let your business data be held to ransom

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts (or locks) the files on a computer, making them inaccessible. Once the malware has been downloaded onto the victim’s computer, the victim receives a message on their computer screen from the criminal (the ransom note), advising them that their files have been locked, and demanding money in return for unlocking the files.

Cybercriminals usually demand victims pay the ransom in virtual currencies, such as Bitcoin, which is difficult for law enforcement to trace. Ransomware attacks are just like any other extortion attempt and police advise that businesses should not comply with the criminals’ request for money. Watch our video to learn more.

Ransomware video tutorial

Learn how to reduce the risk of ransomware impacting your business.

The value of your data

Information is the DNA of every small business and needs to be protected from cybercriminals.

To get a real understanding of the value of your information, think about what would happen to your business if one of the following scenarios occurred:

• your computer systems were unavailable for a week
• you lost all the data stored on all the computers in your company
• your biggest competitor was able to obtain a list of your customers along with sales figures and notes.

The impact to your business and your reputation could be damaging.

Learn from a business who has experienced ransomware and hear about the red flags.  

Steps to protect your business

Ransomware threats are a reminder of why it’s so important to think about your security controls and to back-up your business data regularly.

1. Be wary of unexpected, threatening or poorly written emails

Ransomware can gain access to a businesses’ network by disguising the malicious software as a link or attachment in a phishing or spam email.

Email is a popular delivery mechanism for malicious software because email is cheap and reaches a wide audience. Some phishing emails carrying ransomware will appear to be an email invoice from a provider such as an energy company or a telecommunications company. The fake invoice directs the recipient to click on a link and download a file to view their bill. By downloading the file, the recipient installs the ransomware malware onto their computer.

You should exercise extra caution with emails that:

• you're not expecting 
• come from an unknown sender or unusual address
• contain attachments or suspicious links. 

Train your employees to be vigilant by learning how to identify suspicious messages. 

2. Make sure your operating system and anti-virus software are always up to date

Check the security settings on your computer's operating system and software applications to confirm that they're set to automatically update and install new patches. Each operating system is slightly different, so if you’re unsure check the Microsoft or Apple websites for information.

It’s important to have fully functioning anti-virus software running at all times to ensure you're protected to the highest level possible. While trial anti-virus software is free, it usually only updates during the trial period. Check your software to confirm that it is valid and set to automatically update, scan and flag suspicious activity.

3. Back-up your data

Backing-up your business data is critical to safeguarding your business. In the unfortunate event that you're impacted by a ransomware attack, you'll need to rely on these back-ups to restore your valuable data.

Backing-up data means making a copy on another device. For example, you might save your important files onto a second removable hard drive or USB drive. It's best practice to back-up your data on two different devices.

There are two basic kinds of back-ups - a full back-up and an incremental back-up.

• Full back up: makes a complete copy of the selected data onto another device. This can be achieved via a dedicated back-up program, or by manually copying files to the back-up device. 
• Incremental back-up: this saves only the data that has been added or changed since the last full back-up.

Remember to disconnect the back-up device (e.g. external hard drive or USB) from the computer when you’re finished, as attackers are known to encrypt or delete back-ups connected to the computer or network.

It's also important to test your back-up frequently by restoring data to a test location. This helps to ensure the back-up device and backed-up data are in good shape. You can identify any problems in the restoration process and provide a level of confidence that your back-up will work during an actual crisis.

4. Create an incident management plan

It’s good business practice to have an incident management plan that has key contacts, processes and business continuity plans in case you do have an issue. This will reduce the time to get back online, and the stress of recovering your business data so that you aren’t trying to work out what to do when your system is down.

Learn more about how to recover fast from business disruptions. 

Next steps

The Australian Cyber Security Centre (ACSC) has prepared a detailed Ransomware Prevention and Protection Guide (PDF, 1.92MB) for businesses as well as a Ransomware Emergency Response Guide (PDF, 0.98MB), which includes the following steps:

• Record important details as quickly as possible.
• Take a photo of the ransom note or any new file extensions you may have noticed.
• Turn off the infected device by holding down the power button or unplugging it from the wall. This is the best way to stop ransomware from spreading.
• Disconnect other devices which may be on the same network.
• Change the passwords for your online accounts.
• Visit the ACSC website  for more information.
• It is important to report the incident to ACSC through ReportCyber or call 1300 Cyber1 (1300 292 371).
• Depending on the severity of the ransomware attack, you may have to notify your customers. The Office of the Australian Information Commissioner can provide advice on your obligations.