Practical Countermeasures Against Cyber Attacks & Ransomware

September 08, 2016

What is ransomware?
And what can you do to protect your business?

A recent spike in cryptolocker ransomware attacks is putting businesses in the firing line.

A number of successful cyber attacks have adversely affected businesses in Western Australia, with evidence of an increase in emergency restores from backup to recover from cryptolocker infections.

In a nutshell, cryptolocker ransomware works as a viral infection which encrypts any files it can access.

Without the encryption key, the files are locked and inaccessible. If the attack is extensive, your entire IT system may be locked out.

Once your system is infected you have the choice of paying the ransom for the key to decrypt the files, or deleting the encrypted files and recovering your data from the last backup.

There are various manifestations of how it works. None of them are pleasant.

Without meaning to be alarmist, all businesses are in the firing line for malicious attacks and exploitation. It is apparent that targeting of businesses for infection and exploitation is random and widespread.

Remember there are no absolutes in cyber security. Risk factors like zero-day virus infections (where a virus is so new it is not recognised) and human nature (where curiosity, trust or confusion can lead to viral infection) cannot be eliminated.

However, similar to physical security against theft with door locks, monitored alarms and insurance, protecting your business against cyber threats requires reasonable and practical protections to be applied in multiple ways.

Below I have listed basic practices to minimise the risk of cryptolocker infection, limit the scope of any infection and aid recovery if you are infected. Most of these practices are simple to enact and maintain.

  1.  Ensure endpoint (computer) antivirus software is installed, active and up-to-date on all computers (laptops, desktops and servers).
  2.  Instruct all staff to beware of opening links or attachments in unsolicited emails or from unknown websites. This is the most common source of infection.
  3.  Implement domain policy to enforce password complexity requirements and account lockout after a certain number of failed logon attempts.
  4.  Ensure all service (non-user) accounts have complex passwords applied (especially Administrative accounts).
  5.  Disable or delete user accounts which are old, unused or were created for testing. Test or old accounts with simple passwords are a common vector for unauthorised access.
  6.  Review the permissions and accounts which allow remote access to your systems. Disable remote access for anyone who doesn’t need it and do not allow generic or test accounts to have remote access.
  7.  Implement security groups to control and limit access to your file system. Importantly, remove any user accounts from your Domain Administrators group. This change can be disruptive, so this will need to be managed to ensure file system access remains workable.
  8.  Deploy effective and up-to-date perimeter defences such as L7 firewalls to detect, report and manage virus, malware and intrusion attempts.
  9.  Review VPN access policies to use SSLVPN tunnels for remote access. Older VPN technologies are exploited by hackers.
  10.  Review your firewall configuration to close any unused ports. Open RDP ports are a common target for internet hackers to gain remote access to your systems.
  11.  Ensure you have reliable backups, and that your backup retention policy allows you to wind back X days or weeks to recover lost data if you are infected.
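As an added example (not part of the original post or XCy's own tooling), the read-only PowerShell audit below reports on practices 3, 4, 5 and 7 from the list above. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the domain, and uses an assumed 90-day threshold for "unused".

```powershell
# Added audit script, not from the original post. Read-only: it reports and changes nothing.
# Assumptions: RSAT ActiveDirectory module present; 90 days without a logon counts as "unused".
Import-Module ActiveDirectory

$StaleDays = 90
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# Practice 3: does the default domain policy enforce complexity and lockout?
$Policy = Get-ADDefaultDomainPasswordPolicy
[pscustomobject]@{
    ComplexityEnabled = $Policy.ComplexityEnabled
    MinPasswordLength = $Policy.MinPasswordLength
    LockoutThreshold  = $Policy.LockoutThreshold   # 0 means account lockout is disabled
    LockoutDuration   = $Policy.LockoutDuration
} | Format-List

# Practice 5: enabled accounts that have never logged on, or not since the cutoff.
# LastLogonDate is derived from lastLogonTimestamp, which replicates lazily and can lag by
# up to about 14 days, so treat it as a candidate list to review, not a definitive verdict.
$Stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, PasswordLastSet |
    Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $Cutoff }
"Enabled accounts with no logon in the last $StaleDays days: $(@($Stale).Count)"
$Stale | Select-Object SamAccountName, LastLogonDate, PasswordLastSet |
    Sort-Object LastLogonDate | Format-Table -AutoSize

# Practices 4 and 5: enabled accounts whose password never expires. This is typical of
# service and test accounts, so each one needs a complex password and an owner.
"Enabled accounts with PasswordNeverExpires set:"
Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' -Properties PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet | Sort-Object PasswordLastSet | Format-Table -AutoSize

# Practice 7: who is in Domain Admins (including via nested groups)? Every entry should be
# a justified administrative account, never a day-to-day user account.
"Members of Domain Admins:"
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object SamAccountName, objectClass | Format-Table -AutoSize
```

Run it from a domain-joined workstation with RSAT as an account that can read Active Directory, then work through each listed account and decide whether to disable, re-scope or document it.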


If you believe you have been targeted, or wish to learn more about preventing cyber attacks, contact XCy today for more information about our cyber IT solutions, IT services and support.






