Ransomware is big business

It’s one of the fastest growing online crimes, and if you haven’t already been targeted, it’s likely you will be at some point in the future.

It’s the computer crime where your data is encrypted so you can’t access it, unless you pay the ransom fee.

The really scary part is that it’s unlikely you’d realize you were under attack from ransomware until it was too late.

Cyber criminals hide in your network for between 60 and 100 days before they strike. During that time they’re checking out your network, identifying vulnerabilities, and preparing what they need to hit you with the attack.

And they do all of this without leaving much of a footprint for you to discover.

Fortunately, there are a number of signs you can be on the lookout for, to identify an attack and stop it in its tracks. This is the most technical thing you will ever read from us, but it’s important you know what to look out for.


What’s an RDP link? How do you open or close one?

RDP – or Remote Desktop Protocol – is a Microsoft technology that allows a local PC to connect to a remote device. You’d use it if you’ve worked from home. Many people neglect to close their open RDP links when they’ve finished with the connection, allowing cyber criminals easy access.

Scan for open ports regularly and start using multi-factor authentication (where you generate a login code on another device) if you don’t already.


Noticed new software on your device lately? It’s probably not an update.

Hackers typically gain access to one device, and then use particular software tools to access the entire network. Look out for anything you haven’t noticed before, but particularly apps called Angry IP, Advanced Port Scanner, and Microsoft Process Explorer.


Noticed a new admin on your system? It’s worth double checking that your IT team hasn’t added the new person.

Cyber criminals will set themselves up as administrators so that they can download the tools they need to carry out their attack on your network. To do this, as well as the software mentioned above, they may also use other software called Process Hacker, IOBitUninstaller, or PCHunter.

These are all pieces of software that your business may legitimately use, but they can be used to uninstall security.


Of course, to carry out the perfect attack, your security software needs to be disabled. Some things called Active Controller and domain controllers will be disabled when the attack is imminent, and it’s likely that your back-up will be corrupted too.

Ensure that someone is regularly checking that software is active, and your backup is working as it should be.

Remember, ransomware attacks are usually slow, so these things won’t all appear at once. Vigilance is key here. Keep an eye out for anything unusual, and if you do spot something, no matter how minor, report it straight away. It could help stop a huge, costly attack on your business.
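
The signs described above (an open RDP link, unfamiliar software, a new administrator, stopped security software, a failing backup) can be checked automatically by comparing each device against a known-good baseline. The Python below is an added example, not part of the original article; the snapshot fields, account names and the ExampleAV service are made-up assumptions, and 3389 is the default RDP port.

```python
"""Added example: diff a host snapshot against a known-good baseline."""

# Tool names listed in the article, lower-cased for substring matching.
WATCHLIST = ("angry ip", "advanced port scanner", "process explorer",
             "process hacker", "iobituninstaller", "iobit uninstaller", "pchunter")
RDP_PORT = 3389  # default TCP port for Remote Desktop


def find_warning_signs(baseline, current, max_backup_age_hours=24):
    """Return sorted (sign, detail) tuples for changes since the baseline."""
    signs = []

    # RDP listening now but not in the baseline: a link left open.
    if RDP_PORT in set(current["listening_ports"]) - set(baseline["listening_ports"]):
        signs.append(("rdp_opened", str(RDP_PORT)))

    # Software that was not installed when the baseline was taken.
    known = {name.lower() for name in baseline["software"]}
    for name in current["software"]:
        if name.lower() not in known:
            listed = any(tool in name.lower() for tool in WATCHLIST)
            signs.append(("watchlisted_tool" if listed else "new_software", name))

    # Administrator accounts that were not approved in the baseline.
    approved = {acct.lower() for acct in baseline["admins"]}
    for acct in current["admins"]:
        if acct.lower() not in approved:
            signs.append(("new_admin", acct))

    # Watched services (e.g. antivirus) that ran at baseline but not now.
    for svc, state in baseline["services"].items():
        if state == "running" and current["services"].get(svc) != "running":
            signs.append(("security_stopped", svc))

    # Backup that has not completed recently enough.
    if current["backup_age_hours"] > max_backup_age_hours:
        signs.append(("backup_stale", f"{current['backup_age_hours']}h"))
    return sorted(signs)


# Constructed snapshots; every name and value below is made up.
BASELINE = {"listening_ports": [443, 445], "software": ["Office", "ExampleAV"],
            "admins": ["it-admin"], "services": {"ExampleAV": "running"},
            "backup_age_hours": 6}
CURRENT = {"listening_ports": [443, 445, 3389],
           "software": ["Office", "ExampleAV", "Advanced Port Scanner 2.5", "PCHunter"],
           "admins": ["IT-Admin", "svc_helpdesk2"], "services": {"ExampleAV": "stopped"},
           "backup_age_hours": 80}

if __name__ == "__main__":
    for sign, detail in find_warning_signs(BASELINE, CURRENT):
        print(f"{sign}: {detail}")
```

Because the article stresses that these signs appear slowly and not all at once, a check like this is most useful when run on a schedule, with every finding reported even if it is the only one.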