Ransomware and phishing attacks are on the rise – how should your organisation respond?
I’ve written about many different aspects of IT security on this blog before. One of the most insidious risks to your IT systems is ransomware, and attacks are on the rise. Ransomware is now one of the top three most successful tactics adopted by cybercriminals, and where an attack succeeds, research shows that over one third of companies end up paying the ransom, rising to almost half (47%) amongst smaller companies. In the UK in the past year alone, organisations ranging from The Guardian to the Royal Mail to the NHS have been hit by such attacks. In this blog post I’m going to outline some of the key factors behind the rise in ransomware and suggest some strategies your organisation can deploy to avoid becoming a victim.
What is ransomware?
Ransomware is a type of malicious software (malware) that encrypts a victim’s files or locks them out of their own systems, rendering the data inaccessible. Once the files or system have been encrypted, the attacker demands a ransom, typically in a cryptocurrency such as Bitcoin, in exchange for the decryption key or some other means of regaining access to the data. Ransomware is appealing to cybercriminals because it is relatively simple to deploy, not particularly labour intensive, and can be highly profitable.
How are ransomware attacks carried out?
Ransomware is most often delivered through phishing emails or by exploiting vulnerabilities in software or operating systems. Phishing emails carrying infected attachments or malicious links are sent to staff in the hope that someone will open the attachment or click the link, which starts the infection. Attackers also use malicious advertisements, compromised websites, and internet-exposed Remote Desktop Protocol (RDP) services protected only by weak, reused or previously leaked passwords to gain a foothold from which to deploy the ransomware.
Some older ransomware families spread automatically like worms, but in most current attacks the operators rarely encrypt straight away: once they have a foothold they typically spend time moving laterally, harvesting credentials and locating backups, and only then deploy the ransomware to as many connected devices and servers as they can reach, where it encrypts files. After encryption completes, a ransom note is displayed on the victim’s screen explaining that the files are encrypted and demanding payment within a set time frame in return for the decryption key or method.
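As an added example (not code from the original post), here is a small Python heuristic of the kind endpoint detection tools use to spot the mass-encryption phase described above, run over constructed file-activity log lines. The log format, host and process names, file extensions and the thresholds are all assumptions made for the example; real telemetry and tuned thresholds will differ.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them against your own baseline.
RENAME_THRESHOLD = 20            # renames to one new extension by one process ...
WINDOW = timedelta(seconds=60)   # ... inside this time window
NOTE_DIRS_THRESHOLD = 3          # same note-like file written into this many folders
# Typical ransom-note file names; requiring several folders keeps a single benign readme quiet.
NOTE_RE = re.compile(r"(readme|restore|recover|decrypt|how_to).*\.(txt|html?)$", re.I)

# Assumed log line format: "<ISO timestamp> <host> <process> <WRITE|RENAME> <path>[ -> <newpath>]"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<action>WRITE|RENAME) "
    r"(?P<path>.+?)(?: -> (?P<newpath>.+))?$"
)


def parse_event(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def split_path(path):
    """Return (directory, filename, extension) for a Windows-style path."""
    directory, _, name = path.rpartition("\\")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return directory, name, ext


def detect(lines, rename_threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return alerts for two signals of active encryption:
    1. one process renames >= rename_threshold files to the same new extension within `window`
    2. one process writes a ransom-note-like file into >= NOTE_DIRS_THRESHOLD distinct folders
    """
    renames = defaultdict(list)   # (host, proc, new_ext) -> timestamps (sorted below)
    notes = defaultdict(set)      # (host, proc) -> directories that received a note
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["action"] == "RENAME" and ev["newpath"]:
            _, _, old_ext = split_path(ev["path"])
            _, _, new_ext = split_path(ev["newpath"])
            if new_ext and new_ext != old_ext:       # normal saves keep the extension
                renames[(ev["host"], ev["proc"], new_ext)].append(ev["ts"])
        elif ev["action"] == "WRITE":
            directory, name, _ = split_path(ev["path"])
            if NOTE_RE.search(name):
                notes[(ev["host"], ev["proc"])].add(directory)

    alerts = []
    for (host, proc, ext), stamps in renames.items():
        stamps.sort()
        start = 0                                    # sliding window over sorted timestamps
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= rename_threshold:
                alerts.append({"type": "mass_rename", "host": host, "process": proc,
                               "extension": ext, "count": end - start + 1})
                break
    for (host, proc), dirs in notes.items():
        if len(dirs) >= NOTE_DIRS_THRESHOLD:
            alerts.append({"type": "ransom_note", "host": host, "process": proc,
                           "directories": len(dirs)})
    return alerts


def constructed_sample():
    """Constructed log lines (not real telemetry): a quiet office session, then one process
    renaming 30 spreadsheets to .lockd and dropping RESTORE_FILES.txt in each folder."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    lines = [
        f"{base.isoformat()} ws-17 winword.exe WRITE C:\\Users\\alice\\Documents\\report.docx",
        f"{(base + timedelta(seconds=40)).isoformat()} ws-17 outlook.exe WRITE "
        f"C:\\Users\\alice\\AppData\\Local\\Microsoft\\Outlook\\alice.ost",
        f"{(base + timedelta(minutes=5)).isoformat()} ws-17 winword.exe RENAME "
        f"C:\\Users\\alice\\Documents\\~tmp.docx -> C:\\Users\\alice\\Documents\\report.docx",
    ]
    t = base + timedelta(minutes=14)
    for i in range(30):
        t += timedelta(seconds=1)
        folder = f"C:\\Users\\alice\\Documents\\proj{i % 4}"
        lines.append(f"{t.isoformat()} ws-17 svchost32.exe RENAME "
                     f"{folder}\\sheet{i}.xlsx -> {folder}\\sheet{i}.xlsx.lockd")
        lines.append(f"{t.isoformat()} ws-17 svchost32.exe WRITE {folder}\\RESTORE_FILES.txt")
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_sample()):
        print(alert)
```

The two signals are deliberately independent: a rename burst with no note still fires, and a note dropped into several folders still fires even if the encryptor writes new files instead of renaming. The benign save in the sample (a temporary file renamed back to `.docx`) is ignored because the extension does not change.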
What are the consequences of a ransomware attack for a business?
Ransomware attacks can have very severe consequences for businesses. Technically it is sometimes possible to recover the files without paying, but each ransomware family needs its own decryptor, and one usually only exists because the authors made a cryptographic mistake or their keys were later seized. Free decryption tools exist for some older or simpler families (the No More Ransom project collects them) but are much less likely to exist for newer or more carefully engineered strains.
Removing the ransomware itself does not decrypt the files; it only stops further damage. That leaves the option of paying the ransom. However, if victims do decide to pay, there is no guarantee that the attackers will actually provide a working decryption key, paying encourages further criminal activity, and where the group behind the attack is subject to sanctions, payment may itself be unlawful. Even if the ransom is paid and the files are recovered, the attack will already have caused significant disruption and financial loss.
Some organisations believe that a robust system of backups is sufficient protection on the basis that they could rebuild their systems from the backups if needed. Backups are essential, but they are not a complete answer. Many ransomware groups now also steal copies of sensitive data before encrypting and threaten to publish it on the internet if the ransom is not paid (so-called double extortion), and no backup can undo a leak. Companies such as British Airways, Boots and the BBC have all been hit with such attacks, having sensitive customer data stolen and held to ransom. Attackers also routinely look for and delete or encrypt any backups they can reach from the compromised network, so backups that stay online and writable from production systems may not survive the attack at all.
How can I protect my organisation against ransomware attacks?
To protect against ransomware attacks it is important to regularly back up important data, keeping at least one copy offline or immutable where an attacker on your network cannot alter it, and to test that you can actually restore from it. This alone is not enough, as already explained, because backups will not protect you from the risks of sensitive organisational data being stolen and exposed on the internet. It is also vital to keep software and systems up to date by installing security patches as soon as they are available, giving priority to anything reachable from the internet (VPN gateways, RDP, mail and web servers), and to run robust antivirus and endpoint detection tools. Implement multi-factor authentication, above all on remote access and administrator accounts, together with strong password management.
Most important of all, however, is educating your employees about the phishing and social-engineering tactics used to deliver ransomware. Prevention and proactive cybersecurity measures are crucial in mitigating the risk of falling victim to an attack. The weakest link in any organisation’s security chain is generally its staff, so make sure they understand the risks of clicking links or opening attachments in emails whose provenance is unclear, and that they know how to report a suspicious message quickly, because the sooner a phishing attempt is reported the sooner it can be contained. You can also configure your email system so that messages from external senders that carry links or attachments are quarantined or not delivered at all, but this can interfere with your employees’ ability to do their jobs, so, as always, a balance needs to be struck between mitigating the risk and practicality. Effective prevention of phishing and ransomware attacks starts with employee education, as I have written about before on this blog.
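To make that trade-off concrete, here is an added Python example (not the post’s own code, and not the configuration of any particular mail product) of the rule described above, applied to constructed messages: messages from external senders that carry links or attachments are quarantined, executable attachments are blocked whoever sends them, and an allow-list of expected partners is exempted so the rule does not stop the business working. The domains, addresses and the allow-list are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.co.uk"}                 # assumed: your own mail domains
TRUSTED_SENDERS = {"invoices@supplier.example"}      # assumed: partners whose attachments are expected
URL_RE = re.compile(r"https?://", re.IGNORECASE)
# Executable and script containers are blocked whoever sends them; the softer
# "external sender + link or attachment" rule from the post applies after these hard blocks.
DANGEROUS_EXT = (".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk", ".bat", ".cmd", ".ps1")


def sender_address(msg):
    """Return the lower-cased address in From:, ignoring the display name."""
    return parseaddr(str(msg.get("From", "")))[1].lower()


def is_internal(msg):
    """A message counts as internal only if the From: domain is ours AND the gateway
    recorded dmarc=pass in Authentication-Results; the From: header alone is forgeable."""
    addr = sender_address(msg)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    auth = str(msg.get("Authentication-Results", ""))
    return domain in INTERNAL_DOMAINS and "dmarc=pass" in auth


def attachment_names(msg):
    """File names of every part the sender marked as an attachment."""
    return [p.get_filename() or "" for p in msg.walk()
            if p.get_content_disposition() == "attachment"]


def has_link(msg):
    """True if any text or HTML body part contains an http(s) URL."""
    return any(URL_RE.search(p.get_content())
               for p in msg.walk() if p.get_content_type() in ("text/plain", "text/html"))


def classify(raw_message):
    """Decide what the gateway does with one raw RFC 5322 message:
    'block', 'quarantine', 'deliver-tagged' or 'deliver'."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = attachment_names(msg)
    if any(n.lower().endswith(DANGEROUS_EXT) for n in names):
        return "block"
    if is_internal(msg):
        return "deliver"
    if sender_address(msg) in TRUSTED_SENDERS:
        return "deliver-tagged"          # e.g. prefix the subject with [External]
    if names or has_link(msg):
        return "quarantine"              # held for review: the practicality cost the post mentions
    return "deliver"


def constructed_message(sender, body, attachment=None, auth=None):
    """Build a sample message; these are constructed for the example, not real mail."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "bob@example.co.uk"
    m["Subject"] = "example"
    if auth:
        m["Authentication-Results"] = auth
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_string()


if __name__ == "__main__":
    samples = {
        "internal link": constructed_message("alice@example.co.uk", "see https://intranet.example.co.uk/x",
                                             auth="mx.example.co.uk; dmarc=pass header.from=example.co.uk"),
        "spoofed internal": constructed_message("ceo@example.co.uk", "urgent: pay https://evil.example/inv"),
        "external pdf": constructed_message("sales@unknown.example", "invoice attached",
                                            attachment=("invoice.pdf", b"%PDF-1.4")),
        "trusted partner": constructed_message("invoices@supplier.example", "monthly invoice",
                                               attachment=("inv.pdf", b"%PDF-1.4")),
        "executable": constructed_message("alice@example.co.uk", "tool", attachment=("tool.exe", b"MZ"),
                                          auth="mx.example.co.uk; dmarc=pass header.from=example.co.uk"),
        "plain external": constructed_message("someone@other.example", "hello, no links here"),
    }
    for label, raw in samples.items():
        print(f"{label:18} -> {classify(raw)}")
```

Note the `dmarc=pass` check in `is_internal`: a gateway that treats any From: address in your own domain as internal will wave through the most common phishing pattern of all, a forged message from "the CEO". The check relies on your gateway writing an Authentication-Results header and on your domain publishing a DMARC policy; without both, treat everything as external.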
How we can help you
Please don’t hesitate to get in touch with us if you’d like to talk about any aspect of your IT security.