Ransomware is a cyber security threat that many businesses are not as aware of as they should be. A recent report by Malwarebytes found that 39% of the 540 companies questioned in June 2016, including a range in the United Kingdom, had suffered a ransomware attack of some kind in the last 12 months.
Ransomware attacks can affect any industry and businesses of any size. The data in the Malwarebytes report found that these kinds of attacks were most common in healthcare industries but also significant in banking, insurance and the financial sector. Research has shown that 47% of NHS Trusts, 51 individual police forces and 60% of universities in England have been the victim of ransomware in the last year alone.
Ransomware is a particular pervasive form of cyber threat and shockingly, Malwarebytes found that 40% of all victims paid the demands. Other studies have found that the average ransom demand is £540 but in 20% of cases the demand is in excess of £1,000.
What is Ransomware?
Ransomware is a sophisticated and new type of malware which doesn’t focus on stealing data. It works by blocking user access to their data, which can in many instances means business grinds to a halt. Any business that relies upon data stored on hard drives or even on cloud-based storage alternatives are vulnerable to a ransomware attack. Ransomware is a particularly devious form of malware as it doesn’t matter what data is being blocked, just that it is essential. It won’t matter if a business has ring-fenced sensitive data and financial information, a ransomware attack will still block access to day-to-day running operations.
Ransomware usually works by locking a system’s computer screens rendering the whole system useless. More sophisticated cyber criminals may choose to use a ransomware programme which specifically seeks and ties up files which are of the most importance such as documents folders, databases and spreadsheets.
Once this has occurred, the next stage is where this specific type of malware gets its name. All known ransomware attacks have been accompanied with a demand for payment, to get the system back online. This payment is usually demanded in cryptocurrency such as Bitcoin or similar, as this is anonymous and much its movement is much harder to track than regular currency.
Protecting Business against Ransomware
The persistent nature of ransomware makes it difficult to protect against. It can be found in a huge range of different formats, from apps to email attachments and so it is important to remain vigilant in all areas. All successful and security-focused businesses should have a cyber security policy in place and this should include best practices such as:
Employee Awareness and Basic Guidelines: some of the most basic rules for the workplace are the most important. Rules such as no opening unknown email attachments and a very closely monitored bring-your-own-device policy, if there is one at all, helps to ensure no ransomware sneaks through.
Regular updates and backups: all software should be updated to the latest version to close any loopholes malware can slip through. All data should be backed up in real-time to ensure it is protected and there should be master back-ups both weekly and monthly, with the use of external hard drives and also cloud-based storage.
Disaster drill: just like the mandatory fire drills, ransomware is so much of a threat that businesses should run disaster recovery drills. IT teams should perform penetration tests and assess the security of all applications and software on the system at regular intervals. Having a disaster recovery plan also allows the team to get to grips with protocol should the worst happen and damage can be minimised.
Recovering after a ransomware attack takes a long time. 63% of incidents logged in the Malwarebytes data took over nine hours to remediate. Having the right protection and awareness of the best practices before an attack takes place is a business’ first line of defence