Ransomware is getting a bigger and bolder name for itself.
There have been several high-profile attacks already this year, including the attack on Florida-based IT firm Kaseya, which is being called the biggest ransomware attack to date. The attackers compromised Kaseya's VSA remote monitoring and management software, which managed service providers use to administer their customers' systems, and used it to push ransomware out to those customers. So the impact was not confined to Kaseya: it reached hundreds of businesses around the world.
It’s actually pretty difficult to write about ransomware without feeling like you’re using scare tactics. The fact is, ransomware is – and should be – scary for organisations of all sizes. It has the capability to ruin your business. It’s perpetrated by people who just don’t care about that, as long as they get their money. And it can happen to anyone.
So we thought we’d compile a quick list of the 10 things we think it’s good to know about ransomware. That way, you’ll be informed, and you’ll know how to start looking after your organisation – systems and people – to reduce your own risk of attack. You can also check out the Malware and Ransomware Guidance from the National Cyber Security Centre.
Our ransomware ‘top things to know’
- Ransomware works because it hits you where it hurts – your data.
Today, data is the mainstay of most businesses: you can't operate without it. And all organisations have legal obligations to keep personal and confidential data secure. So an attacker who encrypts your data, takes a copy and threatens to publish it online not only stops you operating; it also exposes you to regulatory fines and reputational damage. Most ransomware groups now do both, which is why a good backup on its own no longer takes away all of their leverage.
- Ransomware attackers lie in wait
Ransomware criminals want maximum impact when they strike, so they don't simply send one phishing email and hope for the best. They get an initial foothold, typically through a phished password, an exposed remote access service or an unpatched internet-facing system, and then spend days or even weeks inside your network: escalating privileges, mapping out which systems matter, locating your backups and picking the moment when an outage will hurt most. Only then do they deploy the ransomware that encrypts your data. That dwell time works both ways: it is also the window in which good monitoring can catch them before anything is encrypted.
- Paying the ransom sometimes isn’t enough
Ransomware attackers are greedy. They are perfectly willing to have another go at blackmailing you, particularly if you have already shown willing by paying once, and a payment does not guarantee a working decryptor. So don't assume that paying makes it all go away; the same group could easily come back and ask for more. Law enforcement and the NCSC do not encourage paying. Whatever you decide, get your systems thoroughly checked, because the attackers may also have left themselves a way back in (a spare account, a remote access tool, a scheduled task) so they can do it all again.
- Rebuilding and recovery can take weeks of work
One of the reasons ransomware is so devastating is that its effects are long-lasting. Beyond the initial trigger, the ransom demand and whatever hoops you jump through to get your data back, it takes a long time to rebuild and harden your network and to earn back the trust of your customers. Rebuilding usually means reinstalling systems from known-good images rather than just decrypting them, because anything the attackers touched has to be treated as untrusted, and that means yet more downtime and damage to your organisation.
- Ransoms are usually payable in cryptocurrency, which is fast and hard to attribute
In the early days of ransomware, criminals asked for 'standard' currency or prepaid vouchers. That made their lives harder, because the money had to land in an account somewhere, and accounts can be frozen and traced. Cryptocurrency changed that. Most cryptocurrency ledgers are actually public, so the transaction itself is visible to anyone; what is hard is tying a wallet address to a person, and criminals use mixing services and privacy-focused coins to make it harder still. The payment also clears in minutes, crosses borders and cannot be reversed by a bank, which makes a pay-out far more attractive to the attacker.
- You may have to pay more than one ransom to get your full data returned
Ransomware attackers run their operations like businesses. They know there is a better business case in continuing to ask for money than in taking one ransom and being done. So you might get an initial demand in return for a decryption key to get access to your data, then a second demand not to publish the copy they took before encrypting it (this is often called double extortion). Some groups add further pressure, such as contacting your customers directly. And if you keep paying, they will keep asking.
- The most important safety measure you can take is to keep an offline backup of all your data
The reason ransomware often causes such chaos is that there is no offline backup. Backups that sit on the network are just as exposed as your live data, and attackers deliberately hunt for them during their time inside your network, deleting or encrypting backup servers, shadow copies and online backup targets before they trigger the ransomware, precisely so that you have nothing to recover from. The only reliable answer is a backup that is genuinely offline, i.e. disconnected from the network except while it is being written, updated regularly and preferably kept off-site too. And test it: restore from it periodically and verify what comes back, because a backup you have never restored is only a hope.
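As an added example (not code from the original post or from any product it mentions), the script below shows one way to make "verify what comes back" concrete: record a SHA-256 manifest of the data at backup time, keep a single digest of that manifest somewhere the backup media cannot reach, and compare a restored copy against it. The file names, contents and the tampered-restore scenario are constructed for the demonstration.

```python
"""Manifest-based restore check for an offline backup (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups never need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def manifest_digest(manifest: dict) -> str:
    """One digest over the canonical manifest. Record it somewhere the backup
    media cannot reach (a runbook, a password safe, a ticket). An attacker who
    can rewrite the backup files can also rewrite a manifest stored beside
    them; they cannot rewrite a digest kept elsewhere."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: take a backup, restore it cleanly, then simulate a
    restore from tampered media (one file encrypted in place, one deleted,
    a ransom note added) and a forged manifest that matches the tampered files."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("2021-07-01,invoice,1200\n")
        (live / "notes.txt").write_text("quarterly planning\n")

        manifest = build_manifest(live)
        recorded = manifest_digest(manifest)  # kept off the backup media

        # A faithful restore passes cleanly.
        restored = Path(tmp) / "restore_ok"
        shutil.copytree(live, restored)
        clean = verify_restore(manifest, restored)

        # A restore from media the attacker reached.
        bad = Path(tmp) / "restore_bad"
        shutil.copytree(live, bad)
        (bad / "finance" / "ledger.csv").write_bytes(os.urandom(64))  # "encrypted"
        (bad / "notes.txt").unlink()
        (bad / "README_TO_RESTORE.txt").write_text("pay us\n")
        tampered = verify_restore(manifest, bad)

        # If the manifest beside the backup was swapped for one that matches the
        # tampered files, only the out-of-band digest exposes the swap.
        forged = build_manifest(bad)
        return {
            "clean": clean,
            "tampered": tampered,
            "manifest_matches_record": manifest_digest(manifest) == recorded,
            "forged_manifest_matches_record": manifest_digest(forged) == recorded,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it with python3; `demo()` returns the findings for a clean restore and for a tampered one. The separate digest is the part that matters: check the manifest against it before trusting the manifest, then check the restored files against the manifest, and do this on the schedule you keep for the backup itself rather than on the day you need it.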
- You should assume you’re going to be attacked and prepare accordingly
It's important to realise that ransomware attackers are not primarily interested in the market value of your data. They may publish or sell what they stole as leverage, but the money they expect comes from you, and what they charge is set by what they think you can pay, not by what the data is worth. So the type, size, sector or profile of your organisation makes little difference to them; what matters is how easily they can get in and how likely you are to pay. No organisation is immune. Assume you are on the list, take all the precautions you can, and make preparing for a ransomware attack, including a rehearsed response and recovery plan, part of your organisation's risk management process.
- There are lots of things you can do to protect yourself
We did say this might be a scary blog, and it is: ransomware is brutal. But there is plenty you can do to protect your organisation. An offline backup is a must, as is multi-factor authentication on your devices and systems, especially on remote access, email and administrator accounts. Keep internet-facing systems patched, give people only the access they need so one compromised account cannot reach everything, and give your staff good quality cyber training so they can spot anything suspicious and stop an attacker getting a foothold in your network.
- It’s not all about you
As we said at the top of this blog about the Kaseya attack, a ransomware attack can spiral out and hit the businesses a victim supplies. So along with your own protections and training, take the time to talk to your suppliers, particularly those involved with your technology and IT systems. Ask what access they have into your environment, how that access is protected, and what they would do if they were compromised, so that you have real confidence you are protected from attacks that arrive through a third party.
We can help give your people the understanding and proactive behaviours they need to become an important layer of security for your business. Why not watch our cyber training demo video to find out more?