Ransomware – a real threat to your practice
You may have heard about large companies falling victim to ransomware, a potentially devastating attack that can bring a business to an abrupt halt. Many more small businesses have also been hit, and most of them do not have the IT resources in place to deal with such a problem. Ransoms to recover data are being paid every week across the UK, with demands ranging from a few thousand to tens of thousands of pounds.
Ransomware was the most significant malware threat of 2018, with numerous high-profile attacks, and the number of attacks continued to rise in 2019.
What is ransomware? It is a type of malicious software that encrypts your data so that you can no longer use it, then demands payment for the key to unlock it. In most cases your company will not have been specifically targeted; the attacks are automated and run on a large scale against anyone who lets the software in.
34% of businesses hit with ransomware took a week or more to regain access to their data. (Source: Kaspersky)
According to Mitigo, our cyber security partner, an attack commonly begins with an employee clicking a malicious link or opening an attachment in an automated mass email, or in an email sent from another infected account that holds your email address.
Another common route in is a device or server with an unpatched vulnerability, because it has not been kept up to date with security fixes and updates. In that case the click pulls in a download that installs the ransomware, which then spreads automatically across the network looking for data and files it can encrypt. Once inside, it encrypts the data on the company servers, taking those systems out of use. Some ransomware changes its own code as it spreads, creating new variants of itself faster than anti-virus software can learn to identify them.
In an increasingly mobile working environment, with staff connecting from outside the office, every business and its employees must be extra vigilant.
Once data is encrypted, restoring systems or data is difficult. Often systems are not fully backed up, or the most recent backups already contain the encrypted data. Some ransomware deliberately deletes or encrypts any backups it can reach from the infected network, or uses access to the backup system as a route into other machines.
The ransom demand usually comes with a timer counting down the hours until, the attacker says, the data will be destroyed permanently (typically by discarding the decryption key). Until the ransom is paid you are locked out of your systems and data. The attacker promises to send a decryption key to release them after payment.
97% of companies in the United States refused to pay a ransom. 75% of Canadian companies paid, followed by 58% of UK businesses and 22% of German businesses. (Source: Kaspersky)
The threat of losing all their data permanently is what drives so many organisations to pay the ransom. Paying to release the data seems a more viable option than losing invaluable company information. This is in itself a very dangerous game: there is no guarantee the criminal will release the data once the ransom has been paid. More than half of all ransoms are paid in bitcoin.
So, what steps can you take to prevent it?
Every business should:
- have a disaster recovery plan, not just for cyber attacks but for all kinds of major events that can stop normal operation, and rehearse it so you know it works
- make sure all operating systems, software and anti-virus are kept up to date with security patches, and check regularly that updates are actually being applied and that protection is working
- make sure equipment and systems are properly configured with security in mind; it is common for devices to remain in their 'out of the box' condition, with anti-virus missing, firewalls switched off, etc
- put the right layers of security and separation around data (for example, segmenting the network so that one infected laptop cannot reach every server) so that an outbreak can be contained
- set access rights on a least-privilege basis and keep permissions to the minimum each role needs; otherwise one compromised account gives the attacker access to all areas of your systems and data
- ensure that backups are properly structured, kept where an attacker on your network cannot reach them (offline or otherwise isolated), and tested by actually restoring from them, so that if necessary everything can quickly be rebuilt
- provide employees with training so that they can spot a potential issue or malicious email in the first place; this is of utmost importance
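The two backup problems described above, backups that silently contain already-encrypted data and backup copies that an attacker can overwrite, can both be caught by a backup job that refuses to replace the last good copy when today's files look wrong. The following Python script is an added example, not code from this article or from Mitigo; it works on constructed in-memory sample files rather than a real disk, and the entropy threshold, change-ratio limit and the stand-in "encrypting payload" used for the demonstration are assumptions chosen for the example.

```python
import hashlib
import math
from typing import Dict, List, Tuple

# Constructed sample documents standing in for a small practice's files.
# Real data would be read from disk; these are inline so the example runs
# offline. Each is repeated to a few KB so the entropy estimate is stable.
SAMPLE_FILES: Dict[str, bytes] = {
    "clients/smith-invoice.txt":
        b"Invoice 1042\nClient: J Smith\nAmount: 1,250.00 GBP\nDue: 30 days\n" * 40,
    "accounts/ledger-2019.csv":
        b"date,account,debit,credit\n2019-01-02,1000,100.00,0.00\n" * 40,
    "hr/holiday-policy.txt":
        b"Holiday entitlement is 25 days plus bank holidays.\n" * 40,
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for encrypted/random data, ~4-6 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic screen for files encrypted in place (threshold is an assumption
    suited to text-type files). Caveat: compressed formats such as zip or jpeg
    also have high entropy, so a real job should exempt those by magic bytes
    or extension rather than flag them."""
    return shannon_entropy(data) >= threshold


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a SHA-256 for every file at backup time and store it with the backup."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def verify_against_manifest(manifest: Dict[str, str], files: Dict[str, bytes]) -> List[str]:
    """List every way `files` differs from the manifest (run before trusting a restore)."""
    problems = []
    for path, expected in manifest.items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif hashlib.sha256(files[path]).hexdigest() != expected:
            problems.append(f"modified: {path}")
    for path in files:
        if path not in manifest:
            problems.append(f"unexpected: {path}")
    return problems


def assess_source(source: Dict[str, bytes], last_good_manifest: Dict[str, str],
                  entropy_threshold: float = 7.0, max_change_ratio: float = 0.5
                  ) -> Tuple[bool, List[str], float]:
    """Decide whether today's files are fit to overwrite the last good backup.

    Returns (ok, suspicious_files, change_ratio). Two independent signals:
    files that look encrypted, and an implausibly large share of the previous
    manifest changed or vanished since the last run (mass renaming by an
    encrypting payload). If not ok, keep the last good copy and raise an alert
    instead of backing up damaged data over it.
    """
    suspicious = [p for p, d in source.items() if looks_encrypted(d, entropy_threshold)]
    problems = verify_against_manifest(last_good_manifest, source)
    changed = sum(1 for p in problems if p.startswith(("missing", "modified")))
    ratio = changed / max(len(last_good_manifest), 1)
    ok = not suspicious and ratio <= max_change_ratio
    return ok, suspicious, ratio


def simulate_ransomware(files: Dict[str, bytes], key: bytes = b"attacker-key") -> Dict[str, bytes]:
    """Hypothetical stand-in for an encrypting payload, for the demo only: XOR each
    file with a SHA-256 counter keystream and rename it with a '.locked' suffix.
    Real ransomware uses AES/RSA, but the observable effect (random-looking bytes
    under new names) is the same."""
    locked = {}
    for path, data in files.items():
        blocks = len(data) // 32 + 1
        stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                          for i in range(blocks))
        locked[path + ".locked"] = bytes(a ^ b for a, b in zip(data, stream))
    return locked


def demo() -> Tuple[Tuple[bool, List[str], float], Tuple[bool, List[str], float]]:
    """Day 1: clean source, backup allowed. Day 2: payload has run, backup refused."""
    manifest = build_manifest(SAMPLE_FILES)
    day1 = assess_source(SAMPLE_FILES, manifest)
    day2 = assess_source(simulate_ransomware(SAMPLE_FILES), manifest)
    return day1, day2


if __name__ == "__main__":
    for label, (ok, suspicious, ratio) in zip(("day 1", "day 2"), demo()):
        print(f"{label}: backup {'allowed' if ok else 'REFUSED'}; "
              f"{len(suspicious)} suspicious file(s); {ratio:.0%} of manifest changed")
```

The manifest does double duty: it is what stops a damaged day's files from overwriting the last good copy, and it is what you check a backup against before relying on a restore. Neither check helps if the backup store itself is reachable from the infected machine, so the manifest and the copies it describes belong on storage that the production network cannot write to.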
Cyber security is not the same as IT support. Having your IT provider mark their own homework is rarely a good idea, and in the case of a ransomware attack it can result in disaster.
Protection requires that vulnerabilities in technology, people and processes are all brought to light and then addressed together on an ongoing basis. They should be assessed and tested by someone who is independent of whoever sold, fitted or configured your technology.
One final point: you cannot defend yourself against ransomware or other attacks on your data with technology alone. You must provide ongoing cyber security awareness training for everyone in the organisation and test that it has been understood. Put in place the right governance regime, with policies that fit the way your practice operates, to keep the whole organisation safe, and review and update those policies regularly to ensure continued safety and uninterrupted business as usual.