Ransomware protection for corporate clients: how to prevent and respond to attacks

Ransomware is one of the most serious cyber security threats facing corporate clients today. This guide explains what it is, how attacks happen, how to protect your organisation, and what to do if your company is affected by an incident.

Ransomware: At a glance

  • Ransomware is malicious software that encrypts or steals data from business systems in order to extort ransom payments.
  • Effective protection includes back-ups, multi-factor authentication, software updates, firewalls and employee awareness training.

What is ransomware?

The word “ransomware” is made up of the terms “ransom” and “software”. It is also referred to as extortion software. Ransomware is malicious software that encrypts data on your computer or locks the device completely. Hackers typically use ransomware to extort their victims and demand a ransom payment in return for releasing the data.

Ransomware remains one of the most dangerous threats facing businesses. Attackers are increasingly working together in criminal networks. The “Cybercrime as a Service” (CaaS) business model has made attacks more professional, as cyber criminals can purchase a range of services, such as ransomware, phishing infrastructure or hacking tools, in exchange for payment. The use of artificial intelligence is making these attacks even more dangerous.

How do ransomware attacks happen?

Weak passwords, missing two-factor authentication or poorly secured access points enable attackers to gain access to systems, servers or cloud environments and install malware. Outdated software and security vulnerabilities are weaknesses that can be exploited to introduce ransomware.

Phishing emails are among the most common attack vectors. These fraudulent emails, which contain malicious attachments or links, are designed to persuade users to download malware or disclose sensitive data.

The Industrial Internet of Things (IIoT) is primarily intended to monitor and control functions in production and manufacturing. Insufficiently protected interfaces can allow access to critical production systems and sensitive data.

It is not only AI-supported attacks that make a more proactive defence strategy necessary; attacks on inadequately implemented AI systems themselves are also increasingly becoming a risk.

Supply chains are another area of vulnerability. Suppliers and customers affected by cyber attacks can suffer operational disruption. Worse still, cyber criminals can use compromised business partner data to gain quick access to the networks of customers or suppliers. This is why you should incorporate the cyber security of your partners into your own security strategy.

USB sticks and other external devices that have been infected with malware by an attacker can spread ransomware when connected directly to a system. Downloads of infected files or software from unreliable sources also often contain hidden malware.

How can I recognise a ransomware attack?

In the worst-case scenario, and without appropriate technical safeguards, you may only notice an attack once you can no longer access your data and the attackers demand a ransom. The actual attack may have taken place much earlier, for example through the placement of ransomware via an infected download. It may then spread through the network as discreetly as possible. Possible signs of an attack include:

  • Security software may raise an alert.
  • Computers or networks may suddenly slow down or respond with unusual delays.
  • A significant increase in data traffic, or suspicious traffic, to external IP addresses may indicate that the ransomware is communicating with a command-and-control server.

What should corporate clients do after a ransomware attack?

Isolate systems:

Immediately disconnect all affected devices from the network and the internet to prevent the ransomware from spreading further.

Alert IT security experts:

Contact internal or external IT specialists and incident response teams to analyse the attack and handle it professionally.

Document the incident:

Record all details of the attack, such as error messages, ransom demands and affected systems, in order to determine the origin and scope of the incident and inform the relevant authorities.

Check data recovery options:

Review available back-ups so that affected systems can be restored as cleanly and securely as possible — do not pay any ransom.

Learn lessons and strengthen protection:

Carry out a thorough vulnerability analysis, close security gaps and raise awareness among employees in order to prevent future attacks.

Preventive measures: How corporate clients can prevent ransomware attacks

Businesses can reduce the risk of attacks through the right cyber security measures, although no protection can remove risk entirely. If an incident does occur, it does not have to become a business-critical crisis — provided your organisation has prepared in advance. Knowing how to prevent attacks and respond quickly can significantly reduce disruption, financial loss and reputational damage.

Preparation is everything, so:

  • Define your most important processes and determine which ones need to be protected first. This should also include partners and service providers.
  • Draw up an emergency plan and print it out as well — including all contact details. Assign clear responsibilities.
  • Put measures in place to maintain your payment operations. A helpful checklist will support you with this.
  • Practise the emergency plan regularly.

You can find more details on how to protect your organisation in our recordings from the online event series “What to do about cybercrime on a new scale”.

Further practical guidance on improving information security within your business is provided by the “IT-Grundschutz” framework published by the German Federal Office for Information Security.

We are at your side! Cyber attacks can happen to anyone.

Global Payment Plus: multi-bank online banking application

Cyber attacks demonstrate just how important transparent and controlled payment processes are for companies. With Global Payment Plus, you can manage all accounts and transactions conveniently and consistently in a single online application.

  • Web-based online banking: access via internet-enabled devices
  • Multi-factor authorisation of your bank transactions securely and from any location using the photoTAN procedure
  • Overview of all accounts, including those held at third-party banks
