Are your IT teams and 3rd party suppliers taking ransomware seriously? Are you? Ransomware is on the increase, as recent high-profile incidents prove – WannaCry, Locky, CryptoLocker etc. being infamous examples. It's not just large organisations and enterprises that are being targeted. There are easy pickings to be had for cyber-criminals from SMEs across all sectors, which means IT departments, business owners and CEOs need to get up to speed and take preventative action.
Examples like WannaCry make the national news and highlight how vulnerable IT systems and data can be. But many smaller businesses are lulled into a false sense of security because these reported cases involve organisations like the NHS, financial institutions and governments. However, there are also many unseen victims of ransomware attacks that don't make the headlines, and these attacks can spell disaster for the businesses affected.
Companies – perhaps like yours – are often easy targets because they don't always have the cyber security tools in place to protect their businesses or the threat intelligence needed to spot new variants. Also they may not have the capital to invest in retrieving their data, by employing a data recovery firm, and therefore they may feel they have no choice but to pay the ransom.
While ransom demands are typically low enough for a small business to swallow, by paying them we are essentially funding continued attacks by criminals. Moreover, as the example below shows, paying a ransom is no guarantee that you will get all your data back.
Ransoms are not the only cost a business may incur if it falls foul of a ransomware attack. Business operations can be severely disrupted until systems are restored, and this costs too.
Ransomware affects everyone – from multinationals to small local firms
You may have read that a hospital in Hollywood paid US$17,000 (£12,800) in 2016 to get their encrypted files back, but what about the dairy in the UK that paid £5,000 to retrieve their data?
£5,000 may not be a huge sum in the scheme of things, but the overall cost to the business was much higher than that. Here's what happened:
An employee opened a Microsoft Word email attachment from an unrecognised email address towards the end of the working day. When the attachment was clicked, nothing happened so they deleted the email and thought no more of it.
However, when staff tried to access their computers early the following morning – in time to receive over 100,000 litres of milk from local farms – they were greeted with a 'splash screen' telling them that their data had been encrypted and demanding a ransom equivalent to £5,000. Overnight the ransomware variant introduced by that Word attachment had been busy encrypting all the data on the dairy's system.
What happened next demonstrates why all businesses need to ensure they have protection and preventative measures in place. The dairy thought that they would be OK, as they had a regular back-up process in place. However, those back-ups were not isolated from the system and so they too had been encrypted.
In the meantime, milk tankers were arriving at the dairy but were unable to unload because critical systems were not accessible. This caused huge backlogs and all the associated problems of having milk sitting in tanker lorries for too long.
The dairy therefore paid the ransom, but systems and data were not restored immediately. Only a small fraction of the encrypted data was recovered, even though the ransom was paid, and it took a number of days to rebuild their systems from scratch.
You can imagine the long term impact on the business of this innocuous email attachment, both in terms of reputation and the bottom line.
What can you do?
The first question to ask is “what are your IT team and 3rd party suppliers doing about it?” Do they have back-up processes in place that isolate business-critical data to enable a fast recovery? Are they responsive when it comes to patching – unpatched systems being the cause of the WannaCry attack? Are they monitoring systems to ensure they identify attacks quickly and minimise damage?
Another important factor is staff awareness and training, taking a proactive role in preventing attacks. If the employee at the dairy hadn't clicked on that email attachment…
However, it's not our employees' fault if we don't have cyber-security policies and tools in place to protect our businesses. The threat landscape is constantly evolving and becoming increasingly sophisticated. Therefore, it is also necessary to ensure your business has access to the most up-to-date threat intelligence. Partnering with providers offering cyber-security solutions that look for unexpected behaviour – not just known signatures – is an effective way to protect your business from new variants.
Of course, it is frustrating that businesses have to invest in cyber-security tools to protect their systems from criminals. However, not putting protection in place can be much more expensive in the long term – damaging reputations and costing businesses in terms of loss of productivity and recovery. These factors can seriously affect the health and viability of a small or medium business, and many don't recover.
For more information on ransomware, including what to do in the event of an attack, visit the No More Ransom! website. This site is supported by Europol, as well as numerous cyber-security companies and organisations, and provides an excellent resource for small and large businesses.
Contributed by Ken Gilmour, CTO, Invinsec
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.