Read the ever-burgeoning statistics and chances are you’ll feel like you never want to switch on your computer again.
It’s the nasty cyber-attack that can put your entire business at risk: the arrival of malicious software onto a targeted computer which then encrypts all the data, rendering it inaccessible. The software’s developers demand a payment, usually in the digital currency bitcoin, in exchange for the encryption keys that will restore your files to you.
For the age of computers it’s a crime that’s been around for a while. It’s just that in recent times the incidents of such attacks have exploded. And, so far, they show no sign of stopping.
At the end of August, cybersecurity firm SentinelOne revealed that following a Freedom of Information (FOI) request, 63% of British universities admitted they had suffered an attack, over half in the last year alone with one enduring 21 in the same period.
A further FOI request revealed that 30% of UK councils and 28 NHS trusts had also fallen victim to this 21st century crime while globally Malwarebytes, another computer security business, found that nearly 40% of all businesses have succombed to ransomware foul play in the last 12 months.
Incredibly, last year even the Police’s Central e-Crime Unit (PCeU) had to put out a public alert following a spate of ransomware attacks from crooks impersonating the unit.
“Over the last four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances increasing 259% in the last five months to August alone”, says Nathan Scott, Senior Security Researcher at Malwarebytes and ransomware expert. “Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”
Additional international findings included:
- Nearly half of attacks originated from email.
- More than 60% took more than nine hours’ severe downtime to remediate.
- Healthcare and financial services were the prime targets globally, both being hit with well above the average ransomware penetration rate of 39%.
- Amazingly, 3.5% of respondents even said lives were at stake because of ransomware’s debilitating effects
Firms can be forced to pay thousands to retrieve their data. Globally more than 40% of businesses handed over the money, and Malwarebytes estimates that over half the UK businesses targeted will eventually pay, even though advice on whether to do this or not varies wildly according to country.
Both Britain’s Action Fraud (The National Fraud & Cyber Crime Reporting Centre) and the FBI say definitely not, with the latter’s cyber division Assistant Director, James Trainor, adding: “Paying a ransom doesn’t guarantee an organisation will get its data back—we’ve seen cases where organisations never got a decryption key after having paid. “Paying a ransom not only emboldens cyber criminals to target more organisations, it also offers an incentive for others to get involved in this type of illegal activity. Finally, paying a ransom could mean an organisation is inadvertently funding other illicit activities.”
It’s pretty much a lose/lose situation if it happens to you, although there are solutions coming through which are said to bypass encrypted files and reboot clean up an infected machine, but the general consensus is that its far better to avoid becoming a victim in the first place by making sure there are firm prevention and disaster planning procedures in place.
- Ensure employees are aware of ransomware and of their critical roles in protecting the company data – humans are often the weakest link.
- Patch operating system, software, and firmware on digital devices.
- Put anti-virus and anti-malware solutions on automatic update and regularly scan.
- Only give users administrative access when absolutely needed and only use administrator accounts when necessary.
- Configure access controls. If certain people only need to read specific information, then they won’t need permissions to write to those files or directories.
- Back up data regularly and secure the back-ups by keeping them separate from the computers and networks they are backing. If your data’s all backed up it you can restore it without having to pay any ransom.
To report a ransomware attack or any other kind of cybercrime, visit Action Fraud or telephone 0300 123 2040.