As we become more dependent on the Internet, the risk of cyber-attacks is growing. Internet and network security is a massive industry. It is one which needs to be fast-moving and at least up to pace with the criminals if not ahead of the game. Over the years we have heard about some serious cyber-attacks with Ransomware the latest in a long line of significant threats. Historically, many companies and government bodies have attempted to cover up cyber-attacks but Ransomware demands are a whole different ballgame. They are very public and can literally paralyse a business overnight.
Table of Contents
What is Ransomware?
In simple terms, Ransomware is the process whereby criminals take control of computers, mobile devices and networks around the world. It is described as a “virulent and fast evolving species of malicious software” and it says exactly what it does on the tin. Once the malicious software is injected into a computer/mobile device it can spread very quickly across a whole network of connected computers.
The next stage is to encrypt files stored on the system. Then, cybercriminals hold companies, individuals and government bodies to ransom in exchange for the decryption keys to restore the locked files.
One of the main problems with Ransomware software is that many individuals, businesses and government departments take the default attitude that “it will never happen to me”. In reality, those who are blind to the issues of Ransomware are the perfect targets for the criminals. They can sometimes be naive, slow in updating security patches and very often fail to monitor suspicious activity on their networks.
Fighting Ransomware and other malware
While some of those affected by Ransomware have paid the “ransom note” and sometimes been lucky enough to receive the decryption keys. However, this is not always the case.
In other cases the criminals have simply taken the money and retained control of the networks. While in other cases, the poor quality of encryption sometimes means that the decryption keys do not work. However, there are ways and means of protecting yourself should you ever become a victim of a Ransomware attack.
Secure hosting company
As web hosting is integral to the security of your website, files and Internet activity, it is vital that your hosting provider is vigilant, fast acting with significant emphasis on security.
We have seen instances where whole servers have been infected with Ransomware due to security flaws which were not addressed. If your website server is not secure and there is no immediate way to segregate an infected account, this can cause absolute mayhem. While we often discuss individual website backups, server backups are also an important tool in the fight against malware.
Regular website backup
The simplest advice to those who have an online business is to ensure that individual website backups are carried out on a regular basis (a server backup is also essential). Despite the fact that this is for many the only way to retrieve control of their systems, after a Ransomware attack, it is frightening how many people fail to take a regular website backup.
In the event of a Ransomware attack, or any other type of malware attack, there should be the option to backtrack to the last “clean” backup and restore the system. Information from the clean backup date to the malware attack may well be lost but for many this is a small price to pay.
Security training
We have discussed the security of your web hosting company and backups but what about the training of end users? The vast majority of Ransomware infections will begin with a naive employee downloading an infected file or clicking on a dangerous spam website link. Therefore, while there is obviously a need to ensure your website is as secure as possible and your web hosting provider is trustworthy and up-to-date with security, there is also a need to physically train staff.
Some of the issues to cover in staff training include:-
- Educate staff on the methods used by Ransomware distributors.
- Teach them of the dangers of clicking on spam links or downloading infected files.
- Using a works computer at home, with a temptation for leisure activity. This often leads to workers unknowingly downloading infected code.
- Immediately inform the IT department of suspicious emails/general online activity.
It is all good and well to teach members of staff which files to avoid and which emails to delete. In the same breath, reporting instances of suspicious emails/general online activity is just as important. This allows the company’s IT specialist to review the system, monitor suspicious traffic and tighten security where applicable. To be forewarned is to be forearmed!
The hidden cost of Ransomware demands
If you look back to the WannaCry Ransomware outbreak in 2017, this infected 200,000 computers across 150 countries.
Businesses and public institutions right across the globe saw access to their networks restricted and ransom demands made. These ransom demands can run into the hundreds or thousands of dollars per computer. Plus, the fact they are paid in Bitcoins means that the money is then untraceable.
We know that the attack in 2017 alone cost of $8 billion in lost time, lost business and the cost of restoring systems. The frightening fact is that this type of attack is a lot more common than many of us might assume.
A staggering 71% of companies targeted by Ransomware distributors (often low-paid computer experts) were actually infected. We also know that at least half of successful Ransomware attacks will infect a minimum of 20 computers.
So, while many companies and institutions are faced with the stark reality of days or weeks of downtime or pay the ransom, this is just the tip of the iceberg. Experts believe that by the end of 2019 there will be a Ransomware attack every 14 seconds. Though it is still frightening, this is significantly down on the 40 seconds in 2018.
For companies and institutions there are many other factors to take into consideration such as:-
- Loss of customers/business
- Negative press comment
- Contractual issues unfulfilled
- Loss of confidence
- Pressure on cash flow
Unfortunately, this type of criminal activity can and has brought down many companies often forcing them out of business. In reality, the actual physical cost associated with ransomware is not the issue. Paying the ransom or repairing the network – but the loss of reputation and trust. These are business factors which money cannot buy.
It is also worth noting that many criminals are now turning their efforts towards public institutions and governments. For example, there has been a significant increase in the number of medical companies succumbing to Ransomware attacks.
When faced with system downtime of days/weeks, there is obviously more chance that victims will pay a ransom. Despite that, the official advice from governments and security institutions is not to pay the ransom. But, instead look to invest in network security and staff training.
The moment you pay a ransom the likelihood is that your name and contact details will start circulating around the dark web at a rate of knots. You will become the stereotypical low hanging fruit for the next Ransomware distributor.
Summary
If we look at some of the basic facts regarding Ransomware they are frightening:-
- A Ransomware attack is expected every 14 seconds by the end of 2019.
- 75% of businesses attacked with Ransomware suffer at least two days without access to files.
- 30% of businesses attacked will go five days or longer without access to files.
- Some supposedly secure national bodies go weeks without access to files.
It is therefore vital to carryout website backups, server backups and staff training and constantly update security software to monitor suspicious activity. A number of internet security companies are now using artificial intelligence to “second-guess” Ransomware software activity. They are stepping up to fight and get ahead of criminal gangs. What about you?