Four signs you’re under attack from ransomware

What is ransomware?

Ransomware is a type of cyber-attack, where criminals access your systems and lock you out of them, before demanding that you pay a ransom which is usually in some kind of cryptocurrency, most likely Bitcoin.

The most frightening thing about this kind of attack, is that the hackers can lay ‘dormant’ for a number of weeks or months before locking you out. What this does mean, is that they will start preparing to carry out their plan, leaving some tell-tale signs in their wake.

Although the following signs you’re under attack might sound a bit technical, they’re good things to know if you ever suspect you or a member of the team may have unwittingly provided information to someone with criminal intentions.

 

1. Check for open RDP links

RDP stands for ‘Remote Desktop Protocol’ and it’s Microsoft technology which allows a local computer to connect to a remote PC over the internet. If members of your team have been working from home during the pandemic and connecting to the work network, it’s likely that this tech is in use within your business.

While it’s really helpful, RDP links which are left open are a prime route for cyber criminals to gain access to your network. To protect connections, it’s worth making sure multi-factor authentication is being used, and that a scan for open RDP ports is carried out on a regular basis so that you can keep an eye on anything amiss.

 

2. Look for suspicious software

Make sure you use a network scanner so you can keep an eye on what’s running, and who’s using it. That way, you’ll be more likely to notice anything unfamiliar that appears.

If your IT partner manages your IT for you, they are likely carrying out this kind of proactive check without you even realizing it.

 

3. Keep an eye on administrator accounts

Generally, Network Administrator accounts have authority over which applications are downloaded to your network. Hackers create an administrator account in order to download the tools they need to carry out their hijack of your systems.

 

4. Check for inactive systems and software

What do burglars often do? They disable alarms before carrying out their crimes. In some ways, cyber criminals are no different. Before launching their attack, they’ll disable security software and any means of backup they might find. They take their time over this, so that they can do a thorough job while remaining undetected. The job they do is so thorough, that it’s highly unlikely that even the most experienced of IT professionals will be able to unpick the mess that the hackers cause. Your options will be to attempt to restore backups, or pay the ransom (although there are no guarantees that they’ll release your data, or that they won’t ask for more money).

 

If you’d like us to take a look at the security you have in place and make suggestions of improvement, or you’re looking for ongoing IT support – please get in touch. Just give us a call on 01373 768024 or email your query to hello@clearskyit.co.uk