Ransomware is a threat to our data and our computer systems which is increasing every year. In 2020, 48% of UK organisations were the victims of a ransomware attack and 13% of these paid the ransom in an attempt to get their data back.[1] The average cost of a ransomware attack on a UK business is £616,631. Not many businesses could take that financial hit.
But it is not just small UK businesses who are targeted. Ransomware is a global problem, and no business is too small or too large to be a victim.
One piece of ransomware which is causing havoc at the moment is the Ryuk ransomware, a form of which was first identified in 2018. The 2021 version of Ryuk is tailored to the particular victim. It tends to target large organisations such as oil companies, government agencies and hospitals, and generally demands a higher ransom than other ransomware. This can be in the region of 15 to 50 Bitcoins, which is £73,408,000 to £367,042. Ryuk typically infects a machine by way of a phishing email, and in the UK it is thought that one in every 3,722 emails is a phishing email, 20% higher than the global average.[2]
The devastating effect of a ransomware attack was seen in April this year when the Colonial Pipeline Co. in the US was attacked by ransomware which gained access via a compromised password on a dormant account attached to the network. This attack halted Colonial Pipeline’s operations, resulting in a fuel shortage along the east coast of the US. Colonial Pipeline paid the hackers £3.2m in ransom, as the attackers had stolen nearly 100 gigabytes of data which they were threatening to publish on the dark web.
Putting security measures in place
With ransomware constantly developing and becoming more sophisticated, it is impossible to protect yourself 100% from ever being a victim, but there are security measures you can put in place which will make it more difficult for the hackers.
- Anti-ransomware software – Installing anti-virus, anti-malware and anti-ransomware software on all networked machines within your business can provide the first level of defence.
- Regular updates – All software and operating systems need to be updated regularly, as any vulnerabilities or glitches in the systems can be exploited by cybercriminals. If patches are available, use them.
- Multi-factor authentication – The Colonial Pipeline Co. attack may not have happened if the systems had required multi-factor authentication. This means that, in addition to a password, a randomly generated code, piece of information or biometric data is required to gain access.
- Access management – The ransomware infiltrated Colonial Pipeline’s systems via a dormant account. By implementing a robust Access Management process, you can ensure all leavers’ accounts are closed on the day they leave, and that current staff only have access to the things they require to do their job.
- Principle of least privilege – This is closely connected with Access Management and is the principle that access should be the bare minimum required to do a job. This means that, should ransomware infiltrate a user’s device, it will only have access to the parts of the network that user has access to. The less access they have, the less damage can be caused.
- Staff training – The Ryuk ransomware, like many others, is delivered by phishing email. Staff should be regularly trained on how to spot phishing and smishing campaigns, how they should deal with them, and the implications of getting it wrong.
- Data Back-ups – Ensuring all your business systems are regularly backed up can be vital for restoring data in the case of a ransomware attack. These back-ups should also be stored off-site and off-network, meaning that even if your entire network is encrypted your back-up data is still safe. A robust Backup and Data Recovery plan can ensure that data isn’t lost in the case of an attack.
- Anti-ransomware insurance – More than 30% of UK businesses have cybersecurity insurance which doesn’t cover ransomware. Ensure any insurance you have covers your business for this eventuality. It won’t stop the attack, but it can help with the financial implications.
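The multi-factor authentication and access management points above can be checked routinely against an export of your user accounts. The following is an added example, not part of the original article: it flags enabled accounts that belong to leavers, have gone dormant, or have no MFA. The CSV column names, the sample rows and the 90-day dormancy threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are assumptions for this example,
# not the schema of any particular directory or identity product.
SAMPLE_EXPORT = """username,enabled,last_login,mfa_enrolled,employment_status
a.khan,true,2021-06-28,true,active
vpn-legacy,true,2020-11-02,false,active
j.smith,true,2021-05-14,true,left
m.jones,false,2020-01-10,false,left
svc-backup,true,,false,active
r.patel,true,2021-06-30,false,active
"""

DORMANT_AFTER = timedelta(days=90)  # assumed policy threshold


def audit_accounts(export_text, today):
    """Return {username: [findings]} for enabled accounts that break policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # a disabled account cannot be used to log in
        issues = []
        if row["employment_status"].strip().lower() == "left":
            issues.append("leaver account still enabled")
        last_login = row["last_login"].strip()
        if not last_login:
            issues.append("dormant: never logged in")
        elif today - date.fromisoformat(last_login) > DORMANT_AFTER:
            issues.append(f"dormant: no login in over {DORMANT_AFTER.days} days")
        if row["mfa_enrolled"].strip().lower() != "true":
            issues.append("no MFA enrolled")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    # Fixed audit date so the constructed sample gives the same result every run.
    for user, issues in audit_accounts(SAMPLE_EXPORT, date(2021, 7, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```

An account that is both dormant and without MFA, like the constructed `vpn-legacy` row, is the combination to close first.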
If you are unsure of how secure your IT systems are, contact Security Everywhere for a security assessment and no-nonsense advice on how to up your cyber security and stay one step ahead of the cybercriminals.