Business Technology Consulting Group

Mitigating malware and ransomware attacks

This guidance helps private and public sector organizations deal with the effects of malware (which includes ransomware). It provides actions to help organizations prevent a malware infection, and also steps to take if you’re already infected.

Following this guidance will reduce:

  • the likelihood of becoming infected
  • the spread of malware throughout your organization
  • the impact of the infection

If you’ve already been infected with malware, please refer to our list of urgent steps to take (see ‘Steps to take if your organization is already infected’ below).

For advice on minimizing potential harm smaller organizations should refer to the NCSC’s Small Business Guide. For information about protecting your devices at home, please read our guidance especially written for individuals and families.

What are malware and ransomware?

Malware is malicious software, which – if able to run – can cause harm in many ways, including:

  • causing a device to become locked or unusable
  • stealing, deleting or encrypting data
  • taking control of your devices to attack other organizations
  • obtaining credentials which allow access to your organization’s systems or services that you use
  • ‘mining’ cryptocurrency
  • using services that may cost you money (e.g. premium rate phone calls).

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.

Usually you’re asked to contact the attacker via an anonymous email address, or to follow instructions on an anonymous web page, to make payment. Payment is almost always demanded in a cryptocurrency such as Bitcoin, in exchange for unlocking your computer or restoring access to your data. However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted, because the malware was built to destroy data rather than to return it for payment. This is known as wiper malware. For these reasons, it’s essential that you always have a recent offline backup of your most important files and data.

Should you pay the ransom?

Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom:

  • there is no guarantee that you will get access to your data or computer
  • your computer will still be infected
  • you will be paying criminal groups
  • you’re more likely to be targeted in the future

Attackers will also threaten to publish data if payment is not made. To counter this, organizations should take measures to minimize the impact of data exfiltration. The NCSC’s guidance on Protecting bulk personal data and the Logging and protective monitoring guidance can help with this.

Using a defence in depth strategy

Since there’s no way to completely protect your organization against malware infection, you should adopt a ‘defence-in-depth’ approach. This means using layers of defence with several mitigations at each layer. You’ll have more opportunities to detect malware, and then stop it before it causes real harm to your organization.

You should assume that some malware will infiltrate your organization, so you can take steps to limit the impact this would cause, and speed up your response.

Actions to take

There are some actions you can take to help prepare your organization for potential malware and ransomware attacks.

Action 1: make regular backups

Action 2: prevent malware from being delivered and spreading to devices

Action 3: prevent malware from running on devices

Action 4: prepare for an incident

Steps to take if your organization is already infected

If your organization has already been infected with malware, these steps may help limit the impact:

  1. Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone-based.
  2. In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
  3. Reset credentials including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
  4. Safely wipe the infected devices and reinstall the OS.
  5. Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you’re connecting it to are clean.
  6. Connect devices to a clean network in order to download, install and update the OS and all other software.
  7. Install, update, and run antivirus software.
  8. Reconnect to your network.
  9. Monitor network traffic and run antivirus scans to identify if any infection remains.
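The ‘recent offline backup’ advice earlier on this page and step 5 above (only restore from a backup you are confident is clean) both depend on being able to tell whether a backup has changed since it was taken, since ransomware that reaches a backup share will encrypt the backups too. The following Python script is an added example and is not part of the NCSC guidance or this page’s own material: it records a SHA-256 manifest of a backup tree, seals the manifest with an HMAC whose key is assumed to be kept with the offline copy rather than on the backed-up hosts, and reports files that are modified, missing or unexpected, or a manifest that has itself been rewritten. All file names, contents and the ransom note are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

HASH_ALGO = "sha256"


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large backups are not loaded into memory."""
    h = hashlib.new(HASH_ALGO)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its digest and size."""
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            entries[rel] = {"sha256": file_digest(p), "size": p.stat().st_size}
    return entries


def seal_manifest(entries: dict, key: bytes) -> dict:
    """Attach an HMAC over the canonical JSON of the manifest.

    Assumption: the key is stored with the offline backup copy, not on the machines
    being backed up, so malware on the network cannot re-seal a manifest it has edited.
    """
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, HASH_ALGO).hexdigest()}


def verify_backup(root: Path, sealed: dict, key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the tree matches the sealed manifest."""
    body = json.dumps(sealed["entries"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(key, body, HASH_ALGO).hexdigest()
    if not hmac.compare_digest(expected, sealed["hmac"]):
        # Stop here: if the manifest was altered, its per-file hashes cannot be trusted either.
        return ["manifest HMAC mismatch: manifest altered or wrong key"]
    current = build_manifest(root)
    problems = []
    for rel, meta in sealed["entries"].items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel]["sha256"] != meta["sha256"]:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in sealed["entries"]:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> dict:
    """Constructed scenario: seal a small backup, then simulate ransomware reaching it."""
    key = os.urandom(32)  # assumption: generated once and kept with the offline copy
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "contract.docx").write_bytes(b"constructed sample document")
        (root / "db.sqlite").write_bytes(b"constructed sample database")
        sealed = seal_manifest(build_manifest(root), key)
        results = {"clean": verify_backup(root, sealed, key)}

        # Ransomware overwrites one file with ciphertext and drops a ransom note.
        (root / "db.sqlite").write_bytes(os.urandom(27))
        (root / "README_DECRYPT.txt").write_bytes(b"constructed ransom note")
        results["encrypted"] = verify_backup(root, sealed, key)

        # The attacker also rewrites the manifest to match the damaged files, but
        # cannot recompute the HMAC without the offline key.
        forged = {"entries": build_manifest(root), "hmac": sealed["hmac"]}
        results["forged_manifest"] = verify_backup(root, forged, key)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'OK'}")
```

An intact manifest shows only that the backup is unchanged since it was sealed; it does not show the backup was clean when it was taken, so the antivirus scan of the restore source called for in step 5 is still required.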

The NCSC has jointly published an advisory: Technical Approaches to Uncovering and Remediating Malicious Activity, which provides more detailed information about remediation processes.

Note

Files encrypted by most ransomware typically have no way of being decrypted by anyone other than the attacker. However, the No More Ransom Project provides a collection of decryption tools and other resources from the main anti-malware vendors, which may help.

Further advice

There’s plenty of further reading and services that can help you protect your organization from malware and ransomware attacks.

  1. Report
    Cyber security incidents can be reported to the NCSC by visiting https://report.ncsc.gov.uk/. We also encourage reporting to the Action Fraud website.
  2. Cyber Incident Response
    The NCSC runs a commercial scheme called Cyber Incident Response, where certified companies provide support to affected organizations.
  3. CiSP
    The Cyber Security Information Sharing Partnership (CiSP) offers organizations in the UK a safe portal in which to discuss and share intelligence that can assist the community and raise the UK’s cyber resilience. We encourage our members to share technical information and indicators of compromise so that the effects of new malware, particularly ransomware, can be reduced.
  4. Cyber Essentials
    You may also wish to consider the Cyber Essentials certification scheme (which covers a number of these mitigations), so your customers and partners can see that you have addressed these risks. Many of these mitigations also work well against other types of attack, such as phishing.
  5. Additional guidance
    Follow the NCSC guidance on protecting your organization from phishing attacks.
    Larger organizations / enterprises should refer to the NCSC’s Device Security Guidance.

Business Tech Consulting

What sets us apart from many IT service companies is that we are not just a ‘fix it and leave’ service. We can fix your issues, but we first provide a solid analysis of the problem and then deliver solutions that prevent it from recurring, which helps save cost.

MC Business Technology Consulting Group is not a typical IT Services Company; we are BUSINESS Technology CONSULTANTS. Our goal is to use technology to help shape businesses for the future. We look to find what works, what does not and how we can use technology and our expertise to add efficiencies, decrease costs and improve overall business function. We unravel the technology world and shape it so you can use it to take your business into the future.

Commitment

From start-up to fully operational and multi-regional, we have clients with operations across North America. Our goal is to provide the best possible solutions to help efficiency and save money. We have worked to build partnerships and resources to provide everything needed in a business. With highly qualified and experienced professional IT personnel, we consistently deliver the right solution for our clients.

Foundation

MC BUSINESS TECHNOLOGY CONSULTING GROUP INC. is the premier Business Technology Consulting company in Southwestern Ontario. We are a combination of MarkIT Technology Solutions Group, owned by Mark McIntosh, and Office Wave Technology Solutions, owned by Calin Popescu. Together Mark and Calin have created a company combining nearly 40 years of experience under one roof, serving clients throughout Canada with Honesty, Integrity, and Transparency.

Calin

Calin is a highly skilled technology professional with 20 years’ experience in the technology industry. After graduating from McMaster University, Calin moved to BC, where he later graduated from ITI at the top of his class. After a couple of years in sales, Calin started Office Wave Technology Solutions and grew his company to serve clients all over BC. Recently Office Wave merged with MarkIT to form MC Business Technology Consulting Group INC.

Mark

Mark started in the technology world in 2002 after graduating in Computer Science from Fanshawe College. Since that time, Mark has worked with Ford Motor Company, as well as other manufacturing companies. In 2013 the timing was perfect for Mark to start MarkIT. Since that time, he has grown his company to successfully serve clients throughout Ontario.

Network Implementation

We can help clean up the “rat’s nest” currently in IT rooms, ceilings or within offices, improving connectivity and system management while creating a more pleasing and organized environment.

Procurement

We have the partnerships to provide all business technology needs. These partnerships allow us to find the best equipment at the best prices. Our focus is on providing the best solution rather than on product sales.

VOIP Services

We can implement VOIP services and other communication platforms for businesses, so they can communicate from anywhere in the world while saving both money and time.

Cloud Computing

We can provide and implement cloud computing tools as well as infrastructure that allows businesses to operate safely and securely from anywhere.

Business Continuity / Disaster Recovery

60% of small companies go out of business within 6 months of falling victim to a data breach or cyber attack, and 90+% within 2 years (Gartner Research). We can help protect you.

IT Outsourcing

Highly professional, experienced and trained IT specialists when needed without the heavy cost of staffing.

Business Technology Consulting

MC Tech Consulting leverages technology to increase security, business productivity and decrease costs.