Avert a data hostage situation through e-mail vigilance
Ransomware has once again reared its dangerous head, but this time the malware brings with it a wake-up call to defend one’s data and adopt better e-mail practices. What has recently been making headlines and no doubt dispelling the smiles at more than a few businesses is the aptly named WannaCry, the latest variant of ransomware to emerge from the malware threat swamp.
WannaCry isn’t the first ransomware attack, nor will it be the last; but it has certainly been one of the largest, highlighting for some their lack of awareness of how severe these kinds of attacks can be, as well as how quickly they can occur, particularly on computers running outdated operating systems. This particular exploit gained notoriety because of its scale – it affected around 200,000 systems in under a week.
What ransomware is
At its most insidious, ransomware can lock users out of their PCs, and even worse, encrypt their data so that they can’t get access to it. The attacker then puts a timer on the encryption, and demands a specified, often incrementally increasing, amount of money to send the victim a key to unlock the files. If the ransom isn’t paid in time, victims, whether individuals, small or medium-sized enterprises (SMEs) or large businesses, can lose all their data, which today is really the lifeblood of many businesses.
Sadly, it is often SMEs and individuals that are hardest hit by both malware infections and data loss. Whereas larger corporations typically have dedicated IT departments with risk-management policies in place, SMEs are less likely to have policies for conducting regular backups and deploying software and operating system updates timeously. While WannaCry’s asking price was relatively small, at $300, in other instances it may well be a sum that is out of reach for SMEs. What exacerbates matters further is that there is no guarantee that victims will be given access to their data even if they do pay up.
The lessons to be learnt
WannaCry doesn’t just hold important lessons for businesses, it also highlights actions that we should all be taking, both within and outside the organisation, with regard to the way we interact with our e-mail and protect our data.
Obviously, ceasing to use e-mail is not a viable solution, as it remains a prime communication and marketing channel. However, the proliferation of ransomware does mean that e-mail users need to be considerably more aware and cautious about what they open and how they treat attachments, particularly zipped files, the contents of which are often invisible until extracted.
How to avert a hostage crisis
On the data front, consistently backing up data in more than one location and having multiple copies of mission-critical information are essential. This is much like an insurance policy – it’s only when you really need it that you realise how valuable it is. With regard to e-mail, there are also countermeasures that can mitigate the danger of an attack. How personalised an e-mail is can be the first indicator of its legitimacy. Equally important, though, is verifying that the domain from which an e-mail is coming is recognisable and in line with the subject of the e-mail.
No less important, though, is that e-mail servers need to be set up correctly on the system administrator side. Malware can infect a network when an organisation’s e-mail system is incorrectly configured and thus fails to perform the necessary checks on a potentially malignant e-mail message.
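The sender-domain and zipped-attachment checks described above can be sketched in code. This is an added example, not part of the original article. The known-domain list, the risky-extension list, the addresses and the file names are all assumptions made up for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

KNOWN_DOMAINS = {"example.com"}                      # assumption: domains you recognise
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".bat")  # assumption: illustrative list

def triage(raw: bytes) -> list[str]:
    """Return reasons to treat a message with caution (empty list = none found)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS:
        findings.append(f"unrecognised sender domain: {domain or '(none)'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            # List the archive's contents in memory; nothing is extracted or run.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 set = entry is encrypted
                        findings.append(f"{name}: encrypted entry {info.filename}")
                    if info.filename.lower().endswith(RISKY_EXT):
                        findings.append(f"{name}: contains executable {info.filename}")
        except zipfile.BadZipFile:
            findings.append(f"{name}: not a readable zip archive")
    return findings

def build_sample(sender: str, with_zip: bool) -> bytes:
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Outstanding invoice"
    m.set_content("Please see the attached invoice.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("invoice.pdf.exe", b"constructed placeholder bytes")
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="zip", filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for line in triage(build_sample("Accounts <billing@examp1e-payments.test>", True)):
        print(line)
```

An encrypted entry is reported because its contents cannot be inspected by a scanner before the recipient opens it.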
Planning for the worst by having a consistent backup procedure in place to protect one’s data is the first step towards mitigating the primary damage caused by ransomware.
Following the principle that prevention is better than cure, adopting savvy approaches towards identifying legitimate versus suspicious e-mails and opening attachments can halt the spread of an infection, at least by e-mail. Along with securing one’s server configurations, these measures can go a long way towards mitigating ransomware and offering a measure of protection for one’s irreplaceable data.