Blog post

Petya & WannaCry Cyber Attacks: How to protect yourself from ransomware

The most recent ransomware attacks across the globe have affected many major businesses, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks and shutting down computers at multinational shipping and advertising firms.

In the past month, two global-scale attacks have been executed: Petya and WannaCry.

What they have in common is that businesses are held hostage: their files are encrypted, and the attackers demand a large sum, sent in Bitcoin cryptocurrency, in exchange.

A screenshot of a WannaCry ransomware attack on Windows 8 is shown below.

What Can You Do To Protect Your Business:

Here are some ways to protect yourself from ransomware.

Back up your files

The greatest damage people suffer from a ransomware attack is the loss of files, including pictures and documents.

The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn’t connected to the internet. This means that if you suffer an attack you won’t lose any information to the hackers.

Be suspicious of emails, websites and apps

The most common way for the software to be installed on to computers and your business network is through phishing emails, malicious ads on websites, and questionable apps and programs.

For ransomware to actually breach your system, the hackers/scammers require you to physically download their malicious software onto the computer, where it spreads and launches the attack by encrypting files.

It’s important to be cautious with any email or app you don’t trust. Never download an app that hasn’t been verified by an official store, and read reviews before installing programs.

Use an antivirus program

A tip that will never go out of fashion. Antivirus programs can stop ransomware from being downloaded onto computers and can find it when it has been.

Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They block installations from malicious adverts when you’re browsing the web, and look for malware that may already be installed on a computer.

Always install updates

Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of any software as soon as it is available.

What happens if you are affected?

Victims of ransomware attacks are advised to never pay the fee, as it encourages attackers and may not result in files being recovered. There are some programs that can help decrypt files. Alternatively, if you have a backup, you can restore your device from it.

Blog post

5 Simple Ways to Prevent Your Site From Being Hacked

I’m always amazed when people don’t take steps to ensure the security of their website. Hacking happens to other people. It’s never my site that’s in danger.

The stats, however, tell a different story.

37,000 websites are hacked every day. You can see the daily number in real-time at Internet Live Stats. As I write this, the number is just over 54,000. And it’s barely the afternoon!

The reality is that by taking a few simple steps you can protect your site from hackers. Here are five easily-implementable ways to improve your site’s security.

  1. Keep your content management system (CMS) up-to-date

This step is first and foremost. You should keep your CMS, plugins, operating system and any other software on your server up to date. Website software, particularly when it’s developed for Linux, uses open-source code. This means that all the code is available for hackers to scrutinize.

By ensuring that you have the latest version, you’re essentially putting yourself one step ahead of the hackers. CMSs like WordPress will automatically ask you if you want to install the latest software and security patches, and updating is usually a simple matter of clicking a button.

We recently had a client’s website get hacked a week after the 4.7.2 version was released. They were still on version 4.7.1 which had some exploits. It’s a simple thing to stay on top of, which is why we offer maintenance packages.

  2. Get an SSL certificate

This is important for preventing hackers from stealing the data that your customers give to you. An SSL certificate will enable the encryption of all the data that is exchanged between your server and your site visitors’ browsers.

Getting an SSL certificate is easy but the process of updating a site from http to https can be quite complex, with a number of potential pitfalls. It’s always worth bringing in a developer to deal with a full migration.

  3. Use strong passwords and usernames

Despite the obviousness of this advice, you would be amazed at how many people still use simple passwords and generic usernames for all aspects of their sites. Simple login details for your CMS are one thing, but if you’re using common passwords and usernames like “admin” for databases and webmail accounts then you’re asking for trouble.

Third-party tools, like Lastpass, can be tremendously useful for improving password security. They will generate and save login details, allowing you to access them quickly whenever you need, by automatically populating login forms.

  4. Guard against SQL injections and cross-site scripting (XSS)

SQL injections are one of the oldest weapons in the hacker arsenal. SQL is the language used to query databases. Whenever you log in to a password-protected area of a website, you are essentially asking that site’s database to confirm that your password grants you access.

By taking advantage of badly designed web forms, hackers are able to gain entry to your databases. Security measures, like the use of parameterized queries, tend to involve tightening what a database will respond to, so that input from a form is handled as data rather than as part of the query.

Cross-site scripting works on a somewhat similar principle, but uses web forms to install JavaScript onto your site which then runs in your visitors’ browsers. If, for example, you run an unmoderated internet forum, a hacker could create a post that includes JavaScript that asks for users’ information. As with SQL injections, protection involves restricting the ability of hackers to input malicious code.

  5. Use website scanning software like SiteLock

In the same way that you scan your home computer, it’s important to regularly check your server for viruses and malware. Shared hosting and managed VPSs will tend to have scanning software installed, or offer inclusion of a scanning service like SiteLock for an extra cost. It’s always worth checking what the options are.

What should you do next?

Website security isn’t a simple topic. Companies with bigger sites, especially those that deal with large amounts of data, are best advised to seek the advice of a professional developer. We can handle all of this for you. Head over to our capabilities to learn more, and get in touch with us today.