How to avoid a ransomware attack and how to protect against it?

20 July 2023

Since the COVID-19 pandemic that raged in 2020, we have heard more and more about companies falling victim to cyberattacks (BRP, Uber, Bell, Ville de Longueuil, etc.), in particular ransomware attacks. The latest data on the subject in Canada, and in Quebec in particular, are not reassuring:

  • 64% of Quebec SMEs have never been so worried about the risk of cyberattacks as they are today (CFIB 2022 survey)
  • Nearly two-thirds (61%) of Canadian businesses have experienced at least one cybersecurity incident and three-quarters (74%) have not reported it (Communications Security Establishment survey)
  • Nearly half of Canadian SMEs (44%) do not have a comprehensive cybersecurity plan (2021 KPMG survey)

What is ransomware?

Ransomware is a type of computer attack, usually in the form of malware, that encrypts and blocks a company's or individual's data and devices. In the vast majority of cases, the attack ends with a ransom demand in exchange for decrypting the data.

How can ransomware get in and infect a business?

In some cases, cybercriminals exploit known software vulnerabilities that have not yet been detected and updated. But in the vast majority of cases, ransomware infects a company's computer systems after someone opens a fraudulent attachment (phishing) or a malicious link received by email, or while browsing compromised websites.

The cybercriminal then takes control of the infected computer remotely and invisibly, in order to enter the company's network and take possession of all of its sensitive data. This phase of intrusion, identification and data theft can last several days or even weeks without anyone noticing.

Attacks can be launched during a specific period chosen by the cybercriminals (often at night or on weekends) in order to maximize the chances of going undetected and uninterrupted.

How to react to a ransomware cyberattack?

There are several avenues available to you, but here are the main ones to adopt first:

  • Have a policy and action plan to respond to cyber incidents
  • Have a well-established BCP (Business Continuity Plan)
  • Make sure to do business with a firm specializing in cybersecurity for the investigation and the drafting of reports
  • Make sure to communicate quickly with your cybersecurity insurer
  • Never communicate with cybercriminals; leave this task to the experts 😉

What are the best practices to adopt to avoid being phished?

According to the cybersecurity organizations CISA and NCSC-UK, there are several methods to guard against such a situation:

  • Make regular backups of the most critical files, outside your traditional network
  • Install and enable spam filters
  • Perform only certain operations or use certain software in the cloud
  • Activate and use MFA (Multi-Factor Authentication) on all software used
  • Segment networks to prevent breaches from affecting the entire network
  • Keep your software up to date
  • Train your employees in cybersecurity best practices

Advice from our experts at I-Tech Solutions:

Cybersecurity education, training and employee awareness are the first bulwark of a winning cybersecurity culture.

Integrating an antispam system makes it possible to filter incoming and outgoing emails that could be malicious.

Integrating an EDR (Endpoint Detection & Response) or XDR (Extended Detection & Response) system is also essential to mitigate the human errors users commit when they inadvertently open a malicious email.

Finally, subscribing to an MTR/MDR (Managed Threat Response / Managed Detection and Response) service is essential to ensure that incidents or threats are handled rapidly by a team of experts, 24/7.

Do not hesitate to contact us if you have any questions about cybersecurity; we will be happy to discuss them with you.