What is Ransomware? And How to Protect Your Data
Ransomware is the biggest cyber threat facing most business owners in the UK today. Read on to understand what it is, and the surprisingly simple things you can do to protect your business from the risks of ransomware.
In their 2021 annual review, the National Cyber Security Centre (NCSC), a branch of GCHQ, stated that “In the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019.” A recent 2022 report by Cymulate revealed that 40% of cyber-attacks experienced by companies were ransomware attacks. However, this is not a new thing, as the first known case of a ransomware attack occurred way back in 1989, which involved the use of a floppy disk and targeted the healthcare industry. Ransomware is an ever-evolving threat, so it is important to understand what it is, and how to protect against it.
What is Ransomware?
Ransomware is a cyber-attack in which the attacker will encrypt your data so that you can no longer access your own files. Encryption involves turning your plain text files and documents into an encoded jumble that is impossible to read without the encryption key. The attackers will then demand a high-priced ransom to either release your data back to you by decrypting it, or to prevent them from publishing your data online. If you do not have a backup of your data, and you don’t want to pay the ransom, then you will likely have to start from scratch.
In order to encrypt your data, the attackers first have to gain access to your system. They can do this by guessing your passwords, or by hacking into remote-desktop systems that employees often use when working from home. A recent rise in ransomware campaigns is sometimes tied to the increase in home working as a result of the Covid 19 pandemic, as companies have more remote desktop services active, and less control over their employees cyber security such as password policies and home internet security.
Attackers can also gain access to your computer through a user clicking on a link or attachment sent to them via email. Once they open this, it downloads the attacking software to the computer it was opened on, and can sometimes spread to an entire network if the devices are all connected. Attackers will usually try and gain access to as much of the network and as many devices as possible before they begin their encryption process, so that they have taken as much of your data as they can in this one attack.
Who is a Target?
Ransomware attacks are almost always profitable for the attackers. This means that everyone is a possible target, presuming they can get access to your computers or network. The top industries targeted appear to be financial services, and the healthcare industry, which was the target of the first ever recorded ransomware attack. Both of these sectors have data that is not only valuable to the attackers (they could profit from selling it on the dark web if the ransom is not paid) but is also considered highly valuable to the targeted companies and their clients. Financial and healthcare data is personal information, and is highly protected and regulated because of this. Attackers use this to force companies into paying their high ransoms so that they do not lose face, as having their data published could be a huge embarrassment for the company, and their customers and clients.
Local governments and universities have also been highly targeted in the UK, notable examples being Redcar and Cleveland Council in 2020, where the estimated cost of recovery was £10.4m. More recently, Hackney Council suffered IT system losses for months, and also an associated cost of around £10m. Gloucester Council IT services were attacked in December, and have still not been fully recovered at the time of writing 6 months later. This attack is believed to be of Russian origin and was able to access the IT network due to a council employee clicking on a link in an email. Oxford University also reached out to the NCSC to intervene when an attempted ransomware attack was launched against them, while they conducted vaccine research, which would have caused wide-scale disruption if it succeeded.
How Can I Protect my Data?
Improving your cyber security will help protect your company from all types of cyber-attack. Cool Waters can help companies like yours to make sense of Cyber Security and to introduce the right level of protection for your business and budget.
Using strong passwords and requiring multi-factor authentication (MFA) will help keep attackers out of your systems, your email and cloud services like Office 365. This is particularly important when remote desktop access is used for home workers, as this is a very common point of attack. If an attacker does manage to gain access to one computer or system, using network segmentation can help to stop the spread across your network. This involves the use of firewalls between different sections of your network, and so can help to contain the attack to one infected device rather than having all of your devices and systems compromised.
Regularly backing up your data can specifically help to prevent the potential damage that could be caused by a ransomware attack. If attackers encrypt all of your data files, but you have access to an offline backup, then you will be able to restore your systems quickly and with little impact on your business operations. But what about the potential for them to steal your data and publish it if you don’t pay the ransom? This risk can be mitigated by keeping sensitive or private information encrypted within your own files, so that if attackers steal it, they do not have the key to decrypt the data and cannot access any files that could be potentially damaging to your business or clients if leaked online.
You can also install software such as Intrusion Detection and Prevention Systems on your computers to detect any suspicious or unexpected activity on devices or accounts, so you can stop the attack from happening while it is searching through your network, before the encryption has taken place. Training staff to notice potentially malicious links and attachments in emails can also save you from having any devices infected in the first place, such as with the Gloucester Council attack.
If you want to transform your team into a security asset rather than a security risk, click here to receive a free consultation with Cyber Coach.
Arrange a free initial consultation to discover how Cool Waters can help improve the Cyber Security of your business.