Ransomware: What is it and how to protect against it

1 Feb 2022

4 min read time

At a glance

Do

1. Assess the damage:
Make an inventory of data that has been affected and determine whether or not any systems have been compromised.

2. Seek expert advice:
If you’ve got cyber insurance, call your insurer immediately. If incident response is part of the insurance policy, they can quickly connect you with an incident response expert who can help triage the situation. Alternatively, you can call the Australian Securities and Investments Commission (ASIC) for support.

3. Lock down the system:
Determine whether it is possible to expel the attacker before locking down your system to contain the spread of the infection and prevent the same attack from happening again.

4. Notify stakeholders:
Understand your obligations under the Privacy Act in the jurisdiction in which you operate. You may be required to notify both the authorities and your customers in cases where personal information has been stolen.

Cyber security resources and support

With new scams, phishing attacks and data breaches being reported every day, it's time to take charge and make cyber security a key part of your risk management strategy. Visit the CPA Australia cyber security resources to learn more.

Don't

1. Make rash decisions:
Think through all available options, preferably in consultation with an expert, to avoid deciding on impulse, which could lead to further complications.

2. Pay the ransom:
There is no guarantee that you’ll get your data back or that it won’t be leaked even after you pay the criminal. You also tend to become more vulnerable to future attacks if you pay up.

3. Log in through another device while it is connected to the network:
You don’t know how deeply the system has been compromised, so using another device on the same network will not solve the problem.

4. Back up your data into the infected environment:
Back-ups are your lifeline during cyber attacks, so be 100 per cent certain that your environment is secure and clean before restoring data.

Tips for protecting your business from ransomware

Educate your employees: Communicate the risk of ransomware attacks and the risk of clicking on a web link or email attachment from an untrusted source.

Turn on automatic updates: Make sure all IT systems and software have their automatic updates turned on, so that the latest security patches and anti-virus updates are applied.

Establish a reliable backup process: To minimise the impact on your business operations, you need to be able to quickly restore critical data and systems from back-ups that are regularly tested.

Enable multi-factor authentication: On top of a password to access a computer system, you can add authorisation through a one-time code that might be texted to your phone. This is important because if a cybercriminal has stolen a password, they cannot access your systems without the one-time code.

Source: Richard Bergman, partner and cybersecurity leader, EY Oceania.