Nucleus + Ransomware Protection

We’ve been receiving a lot of questions as of late about how we protect our clients from security threats. One key aspect is that we utilize multiple layers of protection to secure our clients. However, there is no silver bullet and there’s always more that you can do to protect your business. Bottom line is if you are connected to the internet, you are at risk. In this blog post, we will outline what is ransomware, how it works and how to protect your business. 

What is Ransomware?

Ransomware is malicious software designed to block access to a computer system until a sum of money is paid, thus holding your system for “ransom.” With annual losses exceeding hundreds of millions of dollars, ransomware is one of the fastest growing threats to organizations across the globe.

How it's Introduced?

Hackers use websites with tempting offers for free games or prize claims to bait their victims, but threats don’t just come from websites alone, USB sticks or even a simple email attachment can carry this malicious software. After infecting your machine, ransomware demands you to pay a fee in order to restore your system. Hackers often demand payment through digital currencies like Bitcoin because it’s much harder to track compared to traditional banking methods.

Layered Security

At a high-level, as a client of Nucleus you have multiple layers of defense protecting you from malicious attacks:  

• Managed SentinelOne XDR (Next generation antivirus, Extended Detection & Response) 
• Cloud gateway security 
• Ransomware detection + prevention 
• 24x7 Security Operations Center (SOC) 

How to Protect your Digital Assets

Most ransomware that infects business systems come through people’s email systems; this is what is known as email phishing. If you’re opening an email and you’re uncertain of the attachment, don’t open it! This could be the start of the infection vector that is encrypting systems and holding servers and data for ransom across the world. 

Aside of keeping your systems up to date following best practices will also help protect your organization: 

• Be alert: Avoid visiting suspicious websites or downloading software unless approved by corporate security
• Never open a non-requested attachment
• Never click on suspicious links
• Do not visit adult, online gaming and gambling sites on work devices
• Make sure that you have backups that are taken regularly on a system that is not visible from corporate workstations to allow for a rollback in case of infection
• If your backups are “visible” from your workstations on a share or other means then you risk that your backup will also be encrypted/locked by a ransomware in which case your only options will be to either pay the ransom or rebuild your data manually from scratch
• Ensure that you put in place a rapid phase out plan for old hardware
• Always deploy operating systems updates and security patches in a timely and regular manner
• Recovery plan: Develop a “Recovery Plan” that serves as a guide in the event of a ransomware attack
• Managed backup: Backups could save your organization from having to make some tough decisions, like paying the ransom.
• Alert your IT Manager or Partner: If you think you’ve become a victim of ransomware, notify your IT department immediately. The quicker they know about a ransomware issue, the less damage may be done to your entire organization
  

In a 2022 Canadian ransomware study by TELUS, 83 per cent of 450 Canadian businesses surveyed said they had experienced a ransomware attack, and only 42 per cent of those said their data was returned to them after a ransom was paid.

What more can we do to Enhance your Business Security?

Our dedicated team of Security Consultants and vCISOs can assist with enhanced digital-security initiatives and to strengthen your security posture, our recommended list is below: 

• Cybersecurity Awareness Training: User education, training, and mock phishing email testing etc.
• Blocking access to personal email accounts from corporate assets (gmail, yahoo, hotmail, etc.)
• Removing of admin rights from users who have admin access on their machine
• Implementing MFA and Single-Sign-On (SSO) 
• Performing annual security audits on the current state of your digital security and defining a security roadmap
• Cybersecurity Assessments

If you have any additional questions or concerns, please reach out to discuss!