Martin Brown: Don't be held to ransom by cyber-crooks
It’s extortion on a huge scale, and it works – which is why it is evolving at such breakneck speed.
Ransomware is usually spread via email. When someone opens a link or attachment in an offending email, the ransomware seeks out and encrypts (scrambles) valuable data, like customer databases, rendering the data useless. It then demands that you pay a ransom to get your data back.
It’s becoming a threat to both companies and the public sector – Lincolnshire County Council hit the headlines in January this year when they fell victim. They didn’t pay the modest £350 ransom out of principle, although it would have been cheaper to do so rather than face days of being unable to use their systems while the issue was resolved.
Many victims do pay, including a California hospital who paid $17,000 to get their precious data back after an attack in 2015. Because of the critical importance of the data in question, they just didn’t have the time to try to recover the files from elsewhere. They felt they had no option but to pay up.
The business impact of these attacks can be catastrophic. This can range from reputational damage such as loss of customer records through to loss or encryption of business-critical data without which the business cannot function. Reports of these disasters are now commonplace, as are the effects they have on careers, reputations and shareholders. Ransomware demands are exploding because the tools needed to attack and encrypt systems are readily available. This, combined with the fact that people and organisations are paying the ransoms, makes it a very lucrative business for criminals to be in.
Prime targets for ransomware attacks are any company or organisation that depends on daily access to critical data, and can’t afford to lose access to it. That means banks, emergency services, airlines and large companies are particularly at risk. Recently published figures from the Home Office’s Commercial Victimisation Survey 2015 show that the information and communication sector experienced a much higher rate of online crime than any of the other sectors surveyed, so pay particular attention if you’re a business in that field.
But the reality is that anyone can be a victim, even down to a family with precious photographs stored on their home PC that hackers think they might pay good money to get back.
Worryingly, even cloud service providers are now being targeted, as criminals find they are getting a better return on investment by taking hold of their customers’ data and threatening to delete it. Cloud service providers are very likely to pay the ransom rather than lose the data of thousands of customers.
Ransomware isn’t new – the first incidence was identified in 2005. Back then, the encryption wasn’t brilliant and could be easily broken, so the idea didn’t really take off. It began to make a comeback in 2012 when Bitcoin made secure online payments a possibility. But the rise of ransomware really began in earnest over the past three years, as encryption improved dramatically and it became much harder for victims to unlock their systems after an attack.
So what can you do about it? As always, prevention is better than cure, so use reputable anti-virus software and a firewall, and be particularly careful with email. Most email systems come with a spam filter as standard, so make sure this is switched on. Don’t open, respond to or forward suspicious emails, and definitely don’t open any attachments or links from unknown sources. If you’re a business, train all your staff to be vigilant on this too.
Small to medium-sized businesses are probably better off using cloud-based storage for their data, as despite the fact that ransomware attacks can target the cloud, this is still a more secure option than most small businesses have the resources to provide in-house. Your cloud provider will have invested time, money and technical expertise in protecting their customers’ data.
As the mechanisms the criminals use to attack victims are constantly evolving, even organisations with good security procedures can be hit, so everyone should have plans in place to deal with the worst-case scenarios.
If your organisation is attacked there are only two options. One is paying the ransom. Nobody would recommend that course of action, especially as it doesn’t guarantee you’ll get your data back. The other solution depends on you having secure, up-to-date backups available, as you will need to wipe your system and restore it using your backups.
So my advice is to identify the data that you or your organisation cannot live without and back up, back up and keep on backing up – to the cloud if possible. If you back up to an external hard drive or local server, these should be kept offline and not directly connected to your machine, where hackers can reach them.
As long as you have your critical data backed up somewhere safe, you should never be forced into paying cybercriminals a ransom.
• Martin Brown is Scottish country manager at IT group EMC