Each year sees a new buzzword for business leaders and cyber security experts alike. From Bitcoin to Blockchain, the unofficial theme of 2019 seems to be RANSOMWARE ATTACK.

All over the world, businesses and governments have seen a dramatic rise in the number of ransomware attacks. It is fast becoming the new modus operandi for criminal syndicates and amateur criminals alike due to its ease and simplicity. Even an amateur hacker (or a disgruntled employee) can deploy a devastating attack against their chosen victim.

In order to protect yourself against this type of attack, it is important to understand what it is and what can be done to avoid it.

In short, it is a computer program which encrypts all files and demands a payment in anonymous cryptocurrency (hence the term ransomware) for the unique decryption key which unlocks the files. While encrypted, the infected computer and all information within is completely useless to the user. The smartest variants of ransomware first copy themselves throughout a computer network, infecting all user machines and servers, meaning that it is not only a single device which is encrypted but potentially the entire network as well as the backups too.      

One can easily see how modern businesses grind to a halt when all their information has been snatched away from them. It’s not simply an inconvenience, it is crippling to the day-to-day operations.                                           

The victim only has two options to regain access to their files: pay the ransom or revert to the latest backup files and start from scratch.  Where backup files are outdated (say, for example, only a monthly backup of the business-critical data was made) or were also encrypted, businesses can find themselves forced to pay the ransom demanded.

Ransom amounts vary, with some being as “small” as $500 US. When dealing with advanced ransomware that first copies itself throughout a network, however, businesses can be looking at a ransom amount per machine. The city of Baltimore discovered this to their horror in May 2019, where the city’s government was effectively shut down for weeks and is estimated to cost $18m US once the dust settles.

 

So what should we do to prevent this kind of attack?

Basic network security and anti-virus solutions can go a long way in protecting a business. Employee awareness training will add an extra layer of defence, educating users on how to detect and avoid suspicious links and applications in the day to day jobs. The beauty of ransomware from an attacker’s perspective is that it is scalable, however. A million infected emails can be sent out across the globe with relative ease, and it only takes one accidental click to trigger the malware. These spray-and-pray attacks are highly effective as they inevitably catch someone off guard.

Aside from proactive risk management which can help avoid falling victim to this kind of attack, it’s equally important to examine the reactive risk management procedures in place. The first step is to maintain an effective backup lifecycle to minimize the amount of data which might be lost in a disruptive event (ransomware or other). This reduces the likelihood that you will be forced to give in to an attacker’s demands.

The second step is to ensure that if your business is purchasing cyber insurance, it adequately covers you for this eventuality. Unfortunately, there are many cyber insurance policies on the market which appear to be providing the right type of cover with high sum insured’s available across the broad policy but sub-limit cover available for cyber extortion. Given the prevalence of ransomware and similar extortion attacks in the recent years, it is important to review the cover offered to make sure it meets your unique exposures.

One can never truly be protected from these attacks, especially when it can come from within your own organisation through the actions of a disgruntled employee, but preparing adequately ahead of time can be the defining difference between a victim and a survivor of the next big ransomware attack.

The Camargue Academy will be hosting an employee awareness training session on 3 September 2019, where Cyber Safe Consultants will be providing a comprehensive overview on the importance of employee awareness in the workplace and how it can be utilized to prevent cyber-attacks. Click here to reserve your seat and earn 1 FAIS CPD Hour.

Leave a Reply