Ransomware is a very real threat for all businesses – be prepared!
The BBC is reporting that ransomware attacks are a frequent occurrence in large institutions, including Universities and The NHS.
“Bournemouth University, which boasts a cybersecurity centre, has been hit 21 times in the last 12 months.
Twenty-eight NHS Trusts said they had been affected.”
Ransomware is not selective, and all businesses are at risk. In this article we explain ransomware, give you some advice around prevention and what to do if you suffer an attack. There are also some useful links below where you can find out more.
What is ransomware?
Ransomware is a form of malicious software, which infects computers usually by opening email attachments or clicking on links in emails. This then starts a process which encrypts your files and prevents you from accessing them. To unlock your files a ransom, usually in a crypto currency like bitcoins is demanded. This cyber crime is anonymous, difficult to trace, and mostly a result of an untargeted attack. The advice is to prepare yourself against such attacks and not to pay the ransom demand, on the basis that it encourages the type of crime and there is no guarantee that the files will be unlocked even if you do pay the ransom.
The report also goes on to say that only one of the universities affected had contacted the police.
Why are the majority of ransomware attacks not reported to the police?
Interestingly, the increased instance of such attacks is perceived by some as ‘part of doing business’. Speaking to an organisation recently who were a victim of malware that encrypted some of their files, they felt this was normal, and therefore did not report it. It was explained that this is a crime and should be reported to Action Fraud. By not reporting it they are not helping to build an accurate picture of current attacks. There is a need to demonstrate the frequency and type of such incidents. This will support the requirement for funds to be allocated for the police to deal with the increasing attacks , and enable them to share information about current threats.
What should you do if you are a victim of a ransomware attack?
First disconnect the computer from the network, which includes wireless networks, and switch it off as quickly as possible.
Report it to your IT department or provider as soon as it has happened. Report the attack to Action Fraud.
To recover your files you will need to restore from a good backup. Now is the time to ensure that this is in place, and test it, ensure this is part of the service your IT company is providing for you. This backup needs to be disconnected from your network to ensure that ransomware does not infect this too (Some ransomware is designed to find your backup files before activating the encryption process)
Steps you can take to prevent a ransomware attack
Prevention is better than cure. According to the BBC report the US government have seen an increase of 300% in 2016 of ransomware attacks in America. Currently 4000 incidents a day are being reported.
It advises that “prevention is the best defence” and suggests the use of spam filters, firewalls, anti-virus programs and employee training for businesses – as well as regular data back-ups.
One of the most important defences against an attack is employee training. People are naturally curious, and even if they receive an email from a bank they don’t bank with, inviting them to click on a link, or open an attachment, they still do!
These phishing emails are often high quality and very convincing. The obvious things used to be spelling mistakes and fuzzy logos. Now staff need to take their time reading their emails. Action Fraud advises:
Remember that fraudsters can “spoof” an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of any such attachment or link.
These type of emails create an urgency to make you click on it or open the attachment? Trust no one. Always go to the trusted site, rather than follow email links.
Find out more about ransomware
There is a good example on Action Fraud news of fake British Gas bills being sent out. This gives you an example of the type of emails currently in circulation.
Current threats in the South West region are reported with advice at Zephyr, the South West Regional Organised Crime Unit
Law enforcement and IT Security companies have joined forces in a project to disrupt cybercriminal businesses with ransomware connections. They have created a website called nomoreransom.org to help victims of ransomware to retrieve their files and to help educate users about how ransomware works and prevention measures that can be taken.
The “No-More-Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
For the latest updated advice against ransomware prevention visit the ‘no more ransom’ website.
First simple steps to protect yourself
By implementing the government back Cyber Essentials Scheme and regularly updating your staff about ransomware and phishing emails you will protect yourself from the majority of these threats.
> Start now! Need Cyber Essentials Certification in a hurry?