Things have not improved since the last time we talked about Ransomware. Back then, we gave you some practical tips to reduce your risks and protect your business. The advice we gave back in 2019 still stands, and we will be giving you a reminder of it below.
However, there has been a huge surge in cases of Ransomware attacks recently, which is why we want to talk some more about this issue here.
Why is Ransomware such a problem?
Ransomware attacks stop and organisation and its users from accessing their data or systems until a ransom is paid. The malicious software gives the attackers full control over the victim’s systems by encrypting data and denying access to it.
In 2020 alone, Ransomware attacks increased by 485% year on year. Targeted Ransomware attacks – as opposed to a more random ‘spray and pray’ approach – have increased by 767%. These attacks have included a recent incident involving a serious email compromise at the West And North Yorkshire Chamber of Commerce.
So what is behind this dramatic surge?
The COVID-19 pandemic has clearly changed many things, including the way that most of us work.
Over the last year there has been a significant shift towards remote working. This may change as restrictions ease and organisations ask people to come back into the office, but a significant number of workers are still keen to remain either working remotely or in a hybrid role across both home, office and mobile.
Ransomware attackers have taken advantage of more people working away from the office, capitalising on weaker security as employees use their own devices and their own networks for work. Many now break into organisations thanks to poor passwords or via remote desktops, through insecure WiFi networks, phishing attempts or just through an overall lack of awareness around the threat.
We have also seen how Ransomware is now available as a service. Ransomware code is now offered online for potential attackers to use, with the developers collecting a percentage of any subsequent ransom that the attacker is paid. As a consequence, Ransomware is now easier to access and deploy than ever before.
Finally, we are seeing new Ransomware variants emerging all the time. Just as in any industry, Ransomware developers are constantly innovating, and trying to find new ways to attack and encrypt systems and data differently.
Recovery costs are on the rise
The rise in targeted Ransomware attacks is significant. It shows that attackers are becoming increasingly innovative in the way that they pick and choose their potential targets. Many Ransomware attackers will now do their research into a company before they choose their moment to strike.
Often, their demands for payment are determined by a company’s value and what they believe they can afford. Before a targeted attack, the research has been done upfront to determine what value any encrypted data will have. As a result, more victims are paying ransoms, and the amount they are paying is increasing too.
While paying is understandable, it is also encouraging those behind the attacks, and we would never recommend it. In fact, some governments are now looking to make it illegal to pay ransoms – including France, the US and the UK.
Education is the best protection
If you have your data backed up then in theory you won’t need to pay any ransom if your data is encrypted. You will simply ignore the threats, purge your systems and replace your encrypted data with a clean copy. But being locked out of your data is only one part of the issue in the wake of an attack.
Once a copy of your original data is in someone else’s hands, there is a good chance they may then subsequently hold you to ransom over the disclosure of that data. In many cases attackers will blackmail people by sending them a snapshot of their data and demanding that they pay – threatening that otherwise they will release the rest. It’s also worth remembering that on average it can take up to 197 days to identify a breach and 69 days to contain it.
With this in mind, whether you have an effective disaster recovery system or not, clearly the best scenario is to avoid having your data encrypted by attackers in the first place. So how do you protect yourself and your organisation against attack?
Top strategies for protecting your organisation against Ransomware attacks
- Staff awareness and training
Education is the best weapon in the fight against Ransomware attacks. Make sure that your employees are aware of the most common tactics – for example, emails from hackers pretending to be from your own IT department asking them to install a piece of software.
Make it clear that they should never click on an unsolicited email or text or provide personal information when the request is unsolicited. Encourage everyone to immediately tell your IT team if they receive a suspicious approach.
- Policies and procedures
Ensure that you have effective policies and procedures in place to counter any Ransomware threat. This includes having a remote working security policy (one that recommends only using a trusted VPN when using public WiFi, for example). Or, having an effective back up procedure that is followed by everyone across the organisation.
Also don’t just assume that the native back up included with a system like Office365 or Microsoft Teams will do everything you need it to do – it may not be as comprehensive as you think.
- Technology
Unsurprisingly, technology plays an important role in keeping your data out of the hands of Ransomware attackers. This includes having a strong firewall and an effective antivirus solution. There are also software solutions such as that will protect you if you click on a malicious link, by searching back from the link and identifying Ransomware servers.
What to do if the worst happens
If an attack is successful, then businesses that don’t have any kind of disaster recovery in place can only hope that they regain access to their data if they choose to pay any ransom (which again, we certainly don’t recommend).
Organisations with an effective data recovery process are obviously in a much stronger position. Assuming they have a back up, smaller businesses generally find data recovery more straightforward, because they have fewer systems and a simpler infrastructure to deal with. Once these are cleared or replaced, putting the data back can be relatively easy.
If you’re a larger business with more complex systems – such as Colonial Pipeline in the US – a simple recovery from back up is not as straightforward. Larger organisations often have to analyse multiple back up data sets until they find one that is clean.
Remember that you are also required by law to report any data breach to the Information Commissioner’s Office (ICO) within 72 hours. We’d suggest that this is a prudent thing to do, even if you’re not 100% sure that a breach has taken place. In our experience it is always better to start the process, face any potential issues and begin to investigate the incident. It is an approach that can only help in any subsequent legal claims that might arise as a result of your data being breached.
Taking a proactive approach here is incredibly important. Many people bury their heads in the sand about the risks of data breaches. Our advice? Don’t be the ostrich.
The technology and expertise to keep your business running
Here at virtualDCS, we know that most organisations want to be able to recover their data as soon as possible and get back up and running again quickly. It is why we always encourage our clients to test their disaster recovery process regularly to ensure that it works for them.
We have posted before about how one business had to resort to shipping their back up data physically on a USB device when they realised it would take a week to restore a back up of their systems via their standard business broadband.
For most companies, that is simply too long for their business to be on hold. Instead, virtualDCS can ensure your organisation has the most appropriate disaster recovery solution in place get you up and running again as soon as possible.
Need some help?
Concerned about the increasing risks of a Ransomware attack on your business? If you would like to talk to our expert team about how we can protect your data and ensure business continuation in the event of a Ransomware attack, just let us know and we will discuss the options with you.
Call us today on +44 (0)3453 888 327 to discuss your specific needs, or email enquiries@virtualDCS.co.uk.
