Prepare for and protect against ransomware attacks
Ransomware has been a growing cyber security threat, and one which could affect any organisation that does not have appropriate defences. NCSC noted in their 2020 Annual Review that they have handled more than three times as many ransomware incidents than the previous year. In a recent speech at Chatham House’s cyber conference, NCSC CEO warned that ransomware presents ‘the most immediate danger to UK businesses and most other organisations.”
The NCSC ran a Ransomware Sprint across Government during September. The focus was to increase the UK’s resilience against ransomware attacks and drive up adoption of actions to prevent and manage attacks across key sectors. Below are some of the actions they recommend.
One of the key actions the NCSC recommend is performing regular back-up of your systems and data, which will enable quick restoration of business functions. Importantly, having offline versions of your backups is your best defence, as you can wipe any encrypted devices and restore from your offline back up. Read the NCSC’s blog on offline backups for more advice.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) account compromises are the source of half of ransomware attacks. The NCSC recommends that you check if you are using RDP and if you don’t need it, then make sure it is turned off. If you have to use RDP, NCSC recommend using Multi-Factor Authentication and secure accounts with unique, strong passwords.
Early Warning Service
You can sign up to the NCSC’s Early Warning Service which is designed to inform your organisation of potential cyber attacks in your network, as soon as possible. The free service automatically filters through trusted threat intelligence sources to offer specialised alerts for organisations so they can investigate malicious activity and take the necessary steps to protect themselves. Organisations will receive different types of alert, covering possible network compromises; notification of how their assets have been associated with undesirable activity or about their networks running vulnerable services that may need updating.
NCSC have actions you can take to help prepare your organisation from potential malware and ransomware attacks.