Ransomware attacks continue to make sensational headlines as businesses run the risk of catastrophic losses. Robust protection starts with understanding the facts. This blog outlines how to protect against the indiscriminate cyber spectre and what to do if your business has been targeted
In April, Merseyrail reported that they had potentially been hit by a ransomware attack. Providing train service through almost seventy stations in the Liverpool City Region, a ransomware hit could have led to disastrous outcomes. However, the company was quick to raise a full investigation and notified relevant authorities.
This incident was reminiscent of the cyber attack that targeted the Premier League football team Manchester United, last year. While the club took swift action to mitigate the incident and minimise damage, it was suspected that they also had been targeted by ransomware.
Last year, the National Cyber Security Centre (NCSC) revealed that they dealt with three times as many ransomware incidents while supporting the national pandemic response. They also found that cyber criminals have evolved in how they carry out attacks. In fact, British firms paid more than £200 million in ransoms last year.
The numbers stack up and disclose an important point – cyber criminals are more active and virulent than ever before. They are also opportunistic and tend to target vulnerabilities within an organisation’s cybersecurity infrastructure.
Understanding Ransomware and the Latest Findings
Ransomware is a type of malicious software that ‘locks’ a user from accessing data stored on a computer until they pay an extortionate sum (ransom) to the perpetrators. Different types of ransomware behave differently in how they encrypt data. Some even threaten to leak vital information and may attempt to spread to other machines within a network, rendering the entire organisation to an operational gridlock.
The latest findings from the Cyber Security Breaches Survey released in March this year scrutinises how the Covid-19 lockdown has impacted the UK’s attitude towards cybersecurity and emerging threats.
In the survey of 2,284 UK organisations comprising businesses, registered charities and education institutions, four in ten businesses and a quarter of charities reported cybersecurity breaches within the last 12 months.
While the survey showed a decrease in breaches and attacks that controverts the figures stated by the NCSC, it can be attributed to three factors:
- The NCSC tends to be a port of call when organisations are already under attack or breached. As a result, their case numbers would differ from the survey findings where respondents were chosen at random.
- As a result of Covid-19 lockdowns, there could be less trading activity, making some businesses less detectable to perpetrators. This means that the figures may evolve again when more businesses emerge from their dormancy.
- The survey found that fewer businesses are deploying security and user monitoring as a result of the pandemic. Therefore, the figures may suggest that businesses are simply less aware of any attacks or breaches.
The final factor is indicative of a troubling trend. As a knee jerk reaction for businesses to accommodate working from home last year, many found it harder to administer cybersecurity measures during the pandemic, leading them to become more vulnerable to cyber attacks. This comes with very serious ramifications.
Organisations that faced ransomware attacks are more likely to experience catastrophic outcomes.
How to Protect Your Business From Ransomware Attacks
Recently, BBC reported that a global coalition of technology companies and law enforcement is calling for “aggressive and urgent” action against ransomware. The NCSC is a member of the Ransomware Task Force (RTF) which is also joined by Microsoft, Amazon, the FBI and the UK’s National Crime Agency to provide governments with nearly 50 recommendations.
A prime reason for this is that there is no absolute way for any singular business to completely avoid a ransomware threat. The best way to protect against ransomware is to work collaboratively and for businesses to commit to robust cyber security measures.
Bringing some of the strategies closer to home and more actionable for business enterprises, here are a few ideas to help protect against ransomware attacks:
Slow Down a Potential Attack by Defence-in-Depth
The NCSC advises to adopt a ‘defence-in-depth’ approach to cybersecurity measures. By adding layers of defence with several mitigations at each layer, businesses have more opportunities to detect malware it causes harm.
A robust Secure Operation Centre (SOC) should be able to provide real time monitoring, detection and analysis of cybersecurity threats.
Regular and Multiple Backups
As ransomware tends to target data and vulnerable backups to squeeze a business for ransom, the most important files should be backed up regularly and up-to-date copies should be kept off site and away from the business network.
Backup and disaster recovery is integral to minimising downtime and business continuity after an attack. It is important to ensure that small-medium business owners are choosing the right approach to protect their interests.
Develop a Disaster-Recovery Playbook to Stay Prepared for an Attack, Even if it is Unlikely
Sometimes, offence is the best defence. When an attack happens, there will be several instances where the need for speedy decision making can hamper the outcome for a business. To maintain control and order, it is important to not make split decisions based on stress and emotions that may run rife during the event.
A playbook will help a business make logical and objective decisions during a tough situation. These decisions should include:
- Identifying critical assets and a protection and recovery plan
- Internal and external communication strategy
- Determine how to respond to ransom demand based on outcomes
- Resources like contact lists and management plans available offline
- Legal obligations as a result of the incident
What to Do if You Are Already Attacked
Hinesh Mehta, Detective Inspector and Head of Cyber and Innovation at the West Midlands Cyber Resilience Centre (WMCRC) advises the 5 key steps that should be executed once a ransomware attack has been detected in order to minimise the damage:
- Disconnect the affected devices to provide further infection through the network
- Reset usernames and passwords for devices across the network
- Safely wipe all infected devices
- Assess and check that backups are not infected
- Reinstall all systems once backups are certified infection-free
Should I Pay the Ransom?
While ransomware attacks can vary, paying the ransom is generally not encouraged by law enforcement. On top of the ethical implication of submitting to criminal demands, there is actually no guarantee on the safe retrieval/access of the compromised data.
How METCLOUD Can Help With Protecting Against Ransomware
Businesses have various choices to choose from when it comes to SOC, backup and disaster recovery solutions. If they decide to take it on as an in-house department, it requires a comprehensive team to suitably manage it effectively for the business. For a small-medium enterprise, this might be an onerous task. This does not mean that they should forgo robust cybersecurity.
METCLOUD’s team of experts can provide fit-for-function cybersecurity and cloud solutions that are scalable in accordance to business needs. Reach out to our team for a preliminary chat about your concerns and we will work collaboratively with you to find the most secure and efficient solutions for your business.