Computer hackers are an industrious bunch. The cyber-attacks they stage are constantly changing, and are a rapidly-growing security threat to businesses of all sizes. Aside from regulatory and economic risks, ransomware attacks are probably the most frustrating and frightening attacks companies currently face as they can affect everyone with a computer or smart-phone.
Ransomware - a malicious software that can be sent via email and locks up a company's valuable data until a sum of money is paid - has the potential to cripple an organisation with very little warning. An entire IT network can be infected and frozen simply by an unsuspecting employee downloading an affected file or clicking on a suspicious email link, creating a connection point for cybercriminals to access company network drives in a matter of minutes.
What happens next is more alarming. Through these connection points, computer hackers can target data that is critical to the organisation, encrypt it, and extort it for money. Forced to pay the ransom fee, the victim firm is then reliant on the hacker providing the encryption key to unlock and retrieve the information. Payment is typically demanded in Bitcoins to anonymise transactions, preventing the perpetrators from be tracked.
To give a sense of scale to the cybercrime, 47% of NHS Trusts, 51 police forces, multiple businesses and six-in-ten universities in England have been successfully targeted by ransomware in the past year.
Dangers of surrendering to ransomware
Companies usually have two options when faced with a ransomware attack: pay up, or shut down their systems.
Most organisations opt to pay the ransom in the hope that the cyber criminals will deliver the encryption key to release the data, which is why more businesses are stockpiling Bitcoins. Others try to dismantle their networks in the hope that they can neutralise the virus before it spreads to other parts of the organisation.
However, neither approach is a guaranteed fail-safe. A recent study showed that two-thirds of companies falling victim to an attack have surrendered and paid up. But paying the ransom only leaves companies vulnerable to future attacks and perpetuates the threat cycle. And disconnecting enterprise systems creates downtime and disruption costing businesses far more than the price of the ransom.
How to combat ransomware attacks
Ransomware is just one example of advanced persistent cyber-threat that firms face. Rather than waiting for an attack, companies should take these four steps to reduce the threat ransomware poses to firms.
- Support the front-line defence. Raise employee awareness to minimise cyberthreats, especially those threats that require user action, like clicking on a bad link or downloading an infected file, to be activated. Train employees on cybersecurity practices to guard the organisation. Show them what to look out for and run mock phishing exercises, and provide a mechanism for reporting suspicious activity.
- Secure systems. Back-up all data in real-time, as well as in daily and weekly increments to both an external hard drive and the cloud. Separate your back-up drives from the network and ensure that at least one of these back-ups is to a secure remote location. This means that information assets can be recovered if ransomware strikes.
- Test for, and combat vulnerabilities. Keep all software, operating systems and applications up to date will provide some protection. But IT teams should also frequently perform penetration testing and application security assessments. This will identify areas of weakness and help prioritise IT assets that need to be upgraded or strengthened to prevent cyberattacks.
- Scenario planning and response. Prepare for the most likely and highest-impact attack scenarios in advance. To do this, business leaders need to understand how company's operations will be affected, and what response and action the firm will take in each case. If a successful attack is carried out, companies also need an effective communication strategy in place to inform staff and external stakeholders of a ransomware attack to minimise damage.
Given their potential profitability, ransomware attacks will only increase in volume and complexity. Whilst no company can be guaranteed a safe path against ransomware, companies can implement a strong deterrence policy to avoid being held to ransom.