Here’s a real scenario: Simon ran a successful B2B UK consultancy, but when his business suffered a ransomware cyber-attack in 2019 it almost cost him everything.
That Wednesday was just like any normal day, nothing unusual, until his staff started to report that emails weren’t getting through and then access to the server was denied. As Simon was speaking to his IT support, he got the email. His server and its remote cloud backup had been compromised by professional hackers demanding £100,000 in a Bitcoin ransom to release the decryption code and restore access.
Ten days of almost total business shutdown followed while Simon engaged a team of IT specialists who tried to find workarounds and negotiate with the hackers. Simon did eventually regain control of his business; a Bitcoin ransom was paid as part of the deal, but the experienced negotiators brought the amount down significantly.
The total financial cost for Simon by the end was probably near £70,000, including the specialist IT fees, his staff being unable to work and other lost business revenue.
Let’s consider this scenario in more detail:
Let’s start with the basics - what is ransomware?
It’s a computer program written by criminals which encrypts and withholds your data. Criminals know that your data is valuable, and their demand is simple: pay us and you get your data back.
Or will they? There are no guarantees so it’s really important that your business doesn’t find itself in this predicament.
Step 1 – Understand what ransomware is. At its core it’s a computer program and, think about it, programs don’t just appear on our computers: they appear because they are put there, i.e. we download and install the software. The usual ways it gets in are:
i) Phishing emails – criminals try to trick us into opening attachments in emails. Why do they do this? Because the attachment, if opened, might contain ransomware; this is one way of delivering malicious programs onto our systems.
ii) Phishing links – criminals try to trick us into clicking on links in emails. Why? Because the link can take us to a malicious webpage which hosts malware, so simply by visiting the page the ransomware is downloaded onto our systems.
iii) Remote weaknesses – criminals look for outdated and unpatched systems online. They have bots (computers under their control) systematically scanning for these vulnerable systems. Once they find them, they can exploit the weakness to install the ransomware.
Step 2 – how to defend against ransomware.
i) Antivirus, backups and filtering – install antivirus on all devices and keep it up to date; these are the programs which look for and detect ransomware, and they try to remove malicious programs or stop them from being executed. Keep regular backups of your data so you can restore it without having to pay a ransom, and ensure these backups are kept separate from your systems (offline or otherwise isolated from your network), as the ransomware might encrypt your backups as well. Email and spam filters can identify an email that contains malware and quarantine it before it reaches the user.
ii) Education – educate your staff on phishing emails. How confident are you that they wouldn’t open an attachment on a suspicious email? The National Cyber Security Centre (https://www.ncsc.gov.uk) has some great guidance on how to do this. You could also run simulated phishing email campaigns in your organisation to understand your employees’ vulnerability.
iii) Patching – keep your systems up to date, which stops known weaknesses from being exploitable. Know your weaknesses by running vulnerability assessments, which can tell you whether you have exploitable weaknesses before an attacker finds them.
Step 3 – how do you bounce back? So the worst has happened and your data has been encrypted: are you insured to cover any loss that might result from this infection? Do you have a plan in place for what to do if your organisation were attacked with ransomware? How would you operate? How long can you tolerate not having access to your data? Would you need to self-report to the ICO under GDPR?
This isn’t intended to be an exhaustive list, but if you do the basics right your organisation should be able to withstand the simple, untargeted attacks (the random phishing email, the bot looking for weaknesses), because if you don’t have those weaknesses, chances are the attacker will simply move on to the organisation that does.
Also, consider the NEBRC’s ethical hacker services, which can help your organisation avoid untargeted attacks.
We simply want businesses to avoid the pain and stress of such breaches and make our communities more resilient to attack in these challenging times.
Martin Wilson, Head of Cyber and Innovation at the NEBRC