Malware and Rasnomware

Free Website Security Check

    Malware and Ransomware

    Malware and Ransomware are the fundamental security risks posed to businesses through their websites, their emails and hosting solutions.

    What is Malware

    Malware is short for malicious software. Once on a device, the common results are

    • The device is now locked and can’t be used.
    • The data on the device is being stolen
    • Data is left encrypted or deleted
    • The device is now being used to mine cryptocurrency
    • The device is using premium services for which you are being charged
    • A common one is also where your device is now being used to attack other organisations
    • Obtaining details to other parts of the organisation which can now be attacked

    What is Ransomware

    Ransomware is where your files are encrypted until you agree to pay a ransom to unlock them. Sometimes the data has been stolen and won’t be returned into the ransom is paid. Demands are normally made in cryptocurrency.

    Unfortunately, there is no guarantee that once the ransom is paid that your files will be unlocked. In such a case this is called Wiper malware. It’s therefore prudent as part of your website security to have offline backups to restore should this happen.

    We advise that you don’t pay the ransom. Unfortunately, there is very little you can do to rectify things unless you have a backup, so it’s important to put security features in place on your website systems before this occurs. This is known as a defence-in-depth strategy and what we implement for customers.

    Actions taken to prevent malware and ransomware

    Here are the key areas to focus on to reduce the opportunity for malware and ransomware

    • Monitoring systems to check 24-7 for any malware that infects your website
    • Hosting platform configuration and security
    • Patching
    • Maintain regular backups, ideally offline
    • Assess your cloud data usage and it’s security risk
    • Prevent malware spreading between devices
    • Mail filtering systems to stop phishing
    • Anti-spoofing systems
    • Provide security training for individuals in your organisation
    • Watch out for malicious Microsoft macros
    • Manage your firmware

    Free Website Security Guide