It’s dangerous to underestimate the evolving threat of ransomware

You’ve probably heard their names – ominous titles like CryptoLocker, Crysis, WannaCry and Cerber. You may know that viruses lurk in suspicious attachments and downloads, putting users a click away from disaster – but the true scale and the potentially devastating consequences of ransomware are dangerous to underestimate.

Estimates of the cost to businesses of this evolving malware threat can vary wildly – often because companies that have fallen victim to attacks keep it under wraps to protect their reputations. However, research reported by IT industry news outlet ITProPortal last year suggested 40% of UK companies had fallen victim to an attack and put the cost at a staggering £346 million – not just made up of the ransom demands but also taking into account the cost of downtime, data recovery costs and damage to reputation.

In one of the most high-profile attacks of recent times, global aluminium producer Norsk Hydro fell victim to an attack that hit 22,000 computers across 170 sites in 40 countries. The company was widely praised for refusing to pay the ransom demand, but the cost of lost revenue and disaster recovery has so far been put at £45m. The stance taken by Norsk Hydro may be admirable, but the cost is still dear, and not all businesses will be resilient enough to follow suit.

As cloud-based systems and data handling become the norm in business – bringing with them huge benefits in terms of flexibility, efficiency and versatility – it can be tempting to think that platforms such as Office 365 and Google’s G Suite of applications are a stronghold against attackers.

Microsoft and Google do indeed provide strong capabilities to help protect customer data, but it is a myth that they are invulnerable. As the fastest-growing solutions, cloud-based systems are a primary target for cybercriminals, so users must take all reasonable measures to protect themselves.

It comes down to prevention and cure – taking all possible measures to resist attacks in the first place, and having strong backup systems to ensure the fastest possible recovery if the worst happens.

Training and staff advice

Research* commissioned by Aura Technology recently found that 49% of office workers are visiting sites or opening email attachments that could cause a virus, malware or ransomware, and that 29% admitted to having already caused such a breach by accident.

Education is essential to protect your business against ransomware. It is critical that your staff understand what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (for example, don’t open attachments, and if you see something, say something). Conduct formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about cyber best practices. It is important to ensure that the message is communicated clearly to everyone in the organisation, not passed around on a word of mouth basis. Lastly, keep staff updated as new ransomware enters the market or changes over time.

Security

Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated in order to minimise vulnerabilities. Some antivirus software products offer ransomware-specific functionality.

However, because ransomware is constantly evolving, even the best security software can be breached. A secondary layer of defence is critical for businesses to ensure recovery in case malware strikes – and that’s where backup comes in.

Backup 

Modern total data protection solutions, like Datto, a key Aura Technology partner, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware cannot be triggered again. 
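The rollback described above depends on choosing the right recovery point. The sketch below is an added example, not code from Datto or Aura Technology: it walks a series of five-minute snapshots, flags the first one that looks like mass encryption, and returns the recovery point just before it. The `RecoveryPoint` fields, the thresholds and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class RecoveryPoint:
    taken_at: datetime
    files_total: int
    files_changed: int   # files modified since the previous snapshot
    ext_changed: int     # of those, files whose extension also changed

def is_suspect(rp, change_ratio=0.20, rename_ratio=0.50):
    # Assumed heuristic: mass modification plus mass extension change.
    if rp.files_total == 0 or rp.files_changed == 0:
        return False
    return (rp.files_changed / rp.files_total >= change_ratio
            and rp.ext_changed / rp.files_changed >= rename_ratio)

def restore_plan(points):
    """Pick the newest recovery point taken before the first suspect one."""
    ordered = sorted(points, key=lambda p: p.taken_at)
    for i, rp in enumerate(ordered):
        if is_suspect(rp):
            clean = ordered[i - 1] if i > 0 else None
            return {
                "restore_to": clean.taken_at if clean else None,
                "first_suspect": rp.taken_at,
                # Work saved after restore_to is lost on rollback.
                "max_loss": rp.taken_at - clean.taken_at if clean else None,
            }
    latest = ordered[-1].taken_at if ordered else None
    return {"restore_to": latest, "first_suspect": None, "max_loss": timedelta(0)}

def sample_points():
    # Constructed data: 10,000 files, one snapshot every five minutes.
    start = datetime(2024, 1, 15, 9, 0)
    deltas = [(12, 0), (9, 0), (15, 1), (4100, 3900), (5200, 5100), (30, 0)]
    return [RecoveryPoint(start + timedelta(minutes=5 * i), 10_000, c, e)
            for i, (c, e) in enumerate(deltas)]

if __name__ == "__main__":
    for key, value in restore_plan(sample_points()).items():
        print(f"{key}: {value}")
```

A slow encryptor that stays under the thresholds would not be flagged here, so the chosen point should still be verified before it is put back into production.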

Tim Walker and Sir Clive Woodward

Strategic IT, robust security

Sir Clive Woodward, on the board of Aura Technology as a non-executive director, believes it is the responsibility of chief executives and business leaders to understand their organisation’s IT strategy – including the provisions for cybersecurity.

“Cybersecurity is one of the biggest challenges facing businesses,” he said. “It’s vital to invest in technology at the right level to stay ahead of the threat.

“It needs to be led by the chief executive and C-Suite and not left to middle management. You don’t have to know the ins and outs and the exact details but you do need to know the key points. If you stay on top of those you will make sure the right investment is made and the right decisions are made – you can’t delegate that to a junior manager.

“Companies that really get the technology side and investment in technology get taken to a whole new level.”

Tim Walker, MD at Aura, added: “All businesses need to ensure staff are vigilant, but a trusted managed IT provider will ensure all of these measures are in place to minimise risk. There are costs involved, but they are nothing like the financial, logistical and emotional fallout of a system breach.”

To find out more about how to protect your business against cybercrime, download Aura’s ransomware guide at auratechnology.com/the-business-guide-to-ransomware/

* Aura Technology’s survey data of 2,000 UK adult respondents was conducted by market research company OnePoll, members of the MRS, in accordance with the Market Research Society’s code of conduct.

SOME COMMON RANSOMWARE THREATS

Cerber: Targets cloud-based Office 365 users and has impacted millions of users using an elaborate phishing campaign.

Crysis: Can encrypt files on fixed, removable, and network drives and uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.

CryptoLocker: Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. Since then, hackers have widely copied the CryptoLocker approach, although the variants in operation today are not directly linked to the original. The word CryptoLocker has become almost synonymous with ransomware.

CryptoWall: Gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0.

CTB-Locker: The criminals behind CTB-Locker take a different approach to malware distribution. These hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.

Jigsaw: Encrypts and progressively deletes files until a ransom is paid. The ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72-hour mark, when all remaining files are deleted.

LeChiffre: The name comes from the French noun “chiffrement” meaning “encryption”. Le Chiffre is the main villain from James Bond’s Casino Royale novel who kidnaps Bond’s love interest to lure him into a trap and steal his money. Cybercriminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.

Locky: Spread in an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types.

Could my business be a ransomware victim?

Ransomware perpetrators cast a wide net and often target small to medium-sized businesses with IT security loopholes and a modest budget to pay for the ransom.

If data is important to your business, then you are a target. The most common route is via a “phishing” email to staff – and they can be relentless, repeatedly trying until a breach occurs.

Robust IT systems are essential to counter the threat. As part of its Technology Roadmap process, developed in house, Aura Technology’s security specialists assess an organisation’s resilience to ransomware alongside the performance of its existing infrastructure, identifying issues or opportunities for improvement before recommending a bespoke solution.

 
