Ransomware is big business. It’s one of the fastest-growing online crimes. Cyber criminals are targeting small and medium-sized companies as well as non-profits and government agencies.
It’s the computer crime where your data is encrypted so you can’t access it unless you pay the ransom fee.
The really scary part is that it’s unlikely you’d realize you were under attack from ransomware until it was too late.
Cyber criminals hide in your network for between 60 and 100 days before they strike. During that time they’re checking out your network, identifying vulnerabilities, and preparing what they need to hit you with the attack.
And they do all of this without leaving much of a footprint for you to discover.
Fortunately, there are a number of signs you can be on the lookout for to identify an attack and stop it in its tracks. This is the most technical thing you will ever read from us, but it’s important you know what to look out for.
Open RDP links
What’s an RDP link? How do you open or close one?
RDP – or Remote Desktop Protocol – is Microsoft tech that allows a local PC to connect to a remote device. You may have used it if you’ve worked from home.
And many people neglect to close their open RDP links when they’ve finished with the connection, allowing cyber criminals easy access.
Scan for open ports regularly and start using multi-factor authentication (where you generate a login code on another device) if you don’t already.
Unfamiliar software
Noticed new software on your device lately? It’s probably not an update.
Hackers typically gain access to one device, and then use particular software tools to access the entire network. Look out for anything you haven’t noticed before, but particularly apps called Angry IP, Advanced Port Scanner, and Microsoft Process Explorer.
New administrators
Noticed a new admin on your system? It’s worth double checking that your IT team hasn’t added the new person.
Cyber criminals will set themselves up as administrators so that they can download the tools they need to carry out their attack on your network. To do this, they may use the software mentioned above as well as other software called Process Hacker, IObit Uninstaller, or PCHunter.
These are all pieces of software that your business may legitimately use, but they can be used to uninstall security software and your anti-virus application.
Disabled software
Of course, to carry out the perfect attack, your security software needs to be disabled. Some things called Active Controller and domain controllers will be disabled when the attack is imminent, and it’s likely that your back-up will be corrupted too.
Ensure that someone is regularly checking that software is active, and your backup is working as it should be.
Remember, ransomware attacks are usually slow, so these things won’t all appear at once. Vigilance is key here. Keep an eye out for anything unusual, and if you do spot something, no matter how minor, report it right away. It could help stop a huge, costly attack on your business.
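One way to automate the checks for unfamiliar software, new administrators and disabled software is to compare a saved snapshot of a PC against its state today. The script below is an added example, not part of the original article; the snapshot format, account names, software lists and service names are constructed, and a real inventory would come from your own management tooling.

```python
# Added example. All snapshot data below is constructed for illustration.
# Dual-use tools named in the article; matched ignoring case and spaces.
WATCHED_TOOLS = ["Angry IP", "Advanced Port Scanner", "Process Explorer",
                 "Process Hacker", "IObit Uninstaller", "PCHunter"]

def _norm(name):
    return "".join(name.lower().split())

def compare_snapshots(baseline, current):
    """Return (sign, detail) findings for changes since the baseline."""
    findings = []
    # Unfamiliar software: anything installed since the baseline.
    for item in sorted(set(current["software"]) - set(baseline["software"])):
        watched = any(_norm(tool) in _norm(item) for tool in WATCHED_TOOLS)
        findings.append(("watched tool" if watched else "new software", item))
    # New administrators: Windows account names are case-insensitive.
    known = {acct.lower() for acct in baseline["admins"]}
    for acct in sorted(current["admins"]):
        if acct.lower() not in known:
            findings.append(("new administrator", acct))
    # Disabled software: a protection service that was running and no longer is.
    for svc, state in sorted(baseline["services"].items()):
        now = current["services"].get(svc, "missing")
        if state == "running" and now != "running":
            findings.append(("protection stopped", f"{svc} is {now}"))
    return findings

BASELINE = {  # constructed: last known-good state of one PC
    "software": ["Microsoft Office", "7-Zip"],
    "admins": ["CORP\\it-admin"],
    "services": {"antivirus": "running", "backup-agent": "running"},
}
CURRENT = {  # constructed: the same PC today
    "software": ["Microsoft Office", "7-Zip", "Advanced Port Scanner",
                 "IObit Uninstaller", "Photo Viewer"],
    "admins": ["corp\\IT-Admin", "CORP\\helpdesk2"],
    "services": {"antivirus": "stopped"},
}

if __name__ == "__main__":
    for sign, detail in compare_snapshots(BASELINE, CURRENT):
        print(f"{sign}: {detail}")
```

Because the named tools can be legitimate, each finding is a prompt to ask your IT team whether the change was expected, not proof of an attack.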