If it feels as though ransomware stories are making the news more often these days, you’re not wrong. Some of the most headline-grabbing ransomware attacks in 2021 include German chemical distributor Brenntag (who paid $4.4 million for the return of its data), and JBS USA, one of the largest meat suppliers in the US, (who paid an eye-watering $11 million ransom). And according to Jeremy Fleming, the head of the UK spy agency GCHQ, ransomware attacks on British organisations have doubled in the past year.
In 2020 alone, cryptocurrency ransomware payments totaled roughly $350 million according to Chain Analysis. At The Cipher Brief Annual Threat Conference, Fleming explained “[...] the reason it is proliferating is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested.”
With this troubling news in mind, here’s our advice for ransomware prevention.
What is ransomware?
Ransomware is malicious software, or malware, that locks your computer, or encrypts your files, until you pay a ransom. Some ransomware can even infect whole networks. Once it has locked you out of your computer, or encrypted your files, it will post a message instructing you to pay a ransom in order to regain access to your files. The size of the ransom demand varies and must usually be paid in a cryptocurrency such as Bitcoin. One of the most infamous ransomware attacks was WannaCry (believed by most experts to have originated in North Korea) which brought the NHS to a standstill in 2017. According to Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), of all cyber threats, “ransomware presents the most immediate danger to the UK, UK businesses and most other organisations – from FTSE 100 companies to schools; from critical national infrastructure to local councils.”
How did ransomware get on my computer?
Typically it is downloaded onto a computer when a user is tricked into opening an email attachment, although you can also unwittingly download ransomware by clicking a link or visiting a website that’s embedded with malware. Ransomware can also be introduced to a computer system by connecting an infected device, such as a USB stick.
Does ransomware steal personal data?
Potentially. In the first half of 2020, just over 11% of ransomware attacks also included overt data theft. Often this stolen data is used to intimidate ransomware targets into paying up, by threatening to leak their confidential data online. The actual percentage of attacks including stolen data may be much higher however, as some attackers covertly steal data to sell on the dark web.
Does paying ransomware work?
Although the temptation to pay the ransom may be strong, doing so offers no guarantees that you will get your files and/or computer access restored. Furthermore, doing so may make it more likely you will be targeted again. The British government and public sector do not pay ransoms, and the NCSC advises against doing so. “We would say we would prefer people not to pay because that’s what keeps the UK safest collectively,” said Cameron.
Should I report ransomware to the police?
If you are the victim of a ransomware attack, you should report it to the NCSC. Victims in England, Wales or Northern Ireland should also report the attack to Action Fraud, the UK’s national reporting centre for fraud and cybercrime.
Under GDPR, a ransomware attack is considered a data breach, so you must also report it to the Information Commissioner’s Office (ICO) within 72 hours.
How is ransomware detected?
By the time you see the ransom demand, the damage has already been done. To prevent losing access to your data, ransomware needs to be detected before it’s had time to complete the encryption process. This is far from easy as ransomware typically operates in the background to avoid detection. In addition, the virus often hides inside another, innocuous-looking, program. However, if you suspect that your files are being encrypted, put your computer into hibernation mode and contact a cyber security specialist.
Can you get rid of ransomware?
Unless you pay the ransom – which is not recommended (see above) — decrypting files encrypted with ransomware is next to impossible. It goes without saying that the best way to protect against ransomware is to take steps to prevent it from infecting your computer system to start with; and have a good back-up and recovery plan in place to mitigate against an attack should one occur.
Depending on the scale and nature of your organisation, strategies for protecting against ransomware range from simple to complex. Organisations that hold sensitive data will almost certainly need to employ the services of cyber security specialists.
At a minimum, all organisations should employ the following:
Keep software up-to-date
- Don’t use outdated software, or make exceptions for older or obsolete systems, unless the risks are analysed and they’re separated from the rest of your infrastructure
- Make sure all systems are patched in a timely manner
Educate your workforce
- Provide regular, ongoing training in good cyber security hygiene so that your workers know how to spot fraud and phishing emails more easily
- Instil in them the importance of not sharing personal details with unsolicited callers, or in response to unsolicited emails, as well as taking care with what they share on social media.
- Remind workers to never use unknown devices such as USB sticks
- Operate on the principle of least privilege, or even Zero Trust. Read our blog post to understand the basics of this security concept.
- Review and remove unnecessary user permissions regularly
Backup your files
- Test backup plans and ensure you have offline historical archives and backups (disconnected from live systems)
- Never run macros, software, services or visit links you don’t trust fully
- Employ security controls on ‘Bring Your Own Devices’ and centrally manage them
- Use MFA and password vaults
- Use sandboxing tools
- Don’t use public wifi without a VPN
- Perform due diligence on your suppliers
- Audit your network regularly to spot changes
Says Fleming, “It’s not rocket science to defend against this sort of stuff; we know that if you do fairly basic cyber security … you’re going to protect yourselves or at least make you harder to attack than competitors, and therefore you won’t be as much of a target.”
Intersys is a cyber security specialist offering managed security operations centre services with packages available for businesses of all sizes. We also provide rapid response emergency and cyber security services support. If you would like to talk to one of our team about how we can help protect you against ransomware, contact us now for an informal chat.