Ransomware – No excuse for sticking your head in the sand!

Are your IT teams and 3rd party suppliers taking ransomware seriously? Are you? Ransomware is on the increase, as recent high-profile incidents prove – WannaCry, Locky, CryptoLocker etc. being infamous examples. It’s not just large organisations and enterprises that are being targeted. There are easy pickings to be had for cyber criminals from SMEs across all sectors, which means IT departments, business owners and CEOs need to get up to speed and take preventative action.

Examples like WannaCry make the national news and highlight how vulnerable IT systems and data can be. But many smaller businesses are lulled into a false sense of security because these reported cases involve organisations like the NHS, financial institutions and governments. However, there are also many unseen victims of ransomware attacks that don’t make the headlines, and an attack can spell disaster for the businesses affected.

Companies – perhaps like yours – are often easy targets because they don’t always have the cyber security tools in place to protect their businesses or the threat intelligence needed to spot new variants. They may also lack the capital to employ a data recovery firm to retrieve their data, and may therefore feel they have no choice but to pay the ransom.

While ransom demands are typically low enough for a small business to swallow, by paying them we are essentially funding continued attacks by criminals. Moreover, as the example below shows, paying a ransom is no guarantee that you will get all your data back.

Ransoms are not the only cost a business may incur if it falls foul of a ransomware attack. Business operations can be severely disrupted until systems are restored, and this costs too.

Ransomware Affects Everyone – From Multinationals To Small Local Firms

You may have read that a hospital in Hollywood paid $17,000 in 2016 to get their encrypted files back, but what about the dairy in the UK that paid £5,000 to retrieve their data?

£5,000 may not be a huge sum in the scheme of things, but the overall cost to the business was much higher than that. Here’s what happened:

An employee opened a Microsoft Word email attachment from an unrecognised email address towards the end of the working day. When the attachment was clicked, nothing happened so they deleted the email and thought no more of it.

However, when staff tried to access their computers early the following morning – in time to receive over 100,000 litres of milk from local farms – they were greeted with a ‘splash screen’ telling them that their data had been encrypted and demanding a ransom equivalent to £5,000. Overnight the ransomware variant introduced by that Word attachment had been busy encrypting all the data on the dairy’s system.

What happened next demonstrates why all businesses need to ensure they have protection and preventative measures in place. The dairy thought that they would be OK, as they had a regular back-up process in place. However, those back-ups were not isolated from the system and so they too had been encrypted.

In the meantime, milk tankers were arriving at the dairy but were unable to unload because critical systems were not accessible. This caused huge backlogs and all the associated problems of having milk sitting in tanker lorries for too long.

The dairy therefore paid the ransom, but systems and data were not restored immediately. Only a small fraction of the encrypted data was recovered, even though the ransom was paid, and it took a number of days to rebuild their systems from scratch.

You can imagine the long term impact on the business of this innocuous email attachment, both in terms of reputation and the bottom line.

What Can You Do?

The first question to ask is “what are your IT team and 3rd party suppliers doing about it?” Do they have back-up processes in place that isolate business-critical data to enable a fast recovery? Are they responsive when it comes to patching – missing patches being the cause of the WannaCry attack? Are they monitoring systems to ensure they identify attacks quickly and minimise damage?

Another important factor is staff awareness and training, so that employees take a proactive role in preventing attacks. If the employee at the dairy hadn’t clicked on that email attachment…

By Sarah, Invinsec

