Remember the good old days, when ransoming meant kidnapping someone and sending a list of demands via the hard-to-read medium of magazine lettering?
Times have changed. In recent years the art of the ransom has developed a technological edge. The victims have also changed; the rich, the powerful and feature film characters are decreasingly the targets; instead the focus has begun to shift from individual to organisation.
Ransomware attacks are becoming an epidemic across the globe. And while you might think that your business is too small for a bad actor to bother with, the truth is that it’s not about size, but rather the level of vulnerability you exhibit.
Today we’ll take a closer look at ransomware attacks – what they are, how they work, and what you can do to guard against them.
What is a ransomware attack?
A ransomware attack usually begins with a simple email. An attachment is clicked, releasing malware. This malware searches your business systems, either stealing or blocking access to important and/or private data. The victim then gets a notification asking for a ransom payment, threatened with either perpetually blocked access or the private data being released.
A recent example involves a Kiwi gym with 1000 clients. An email came through claiming there was an outstanding invoice. A manager tried to open what appeared to be the PDF attachment, but nothing happened, so he kept on working. Later he tried to access a file, but all were locked. A pop-up then appeared demanding payment to regain access.
In mid-June a group of ransomware extortionists hacked trans-Tasman brewer Lion, before threatening to auction off financial information, private customer data and “important confidential documents” unless it paid a NZ$1.25 million ransom. Auckland-based Fisher & Paykel Appliances is another big name to be recently hit.
From the threat’s side, ransomware attacks are simple. Malware like WannaCry can be rented from criminals as a service, so it’s simply a matter of sending out thousands and thousands of emails and waiting for one to inevitably be opened. In 2019 767,907 users were targeted in just the detected ransomware attacks, and CERT NZ reported that in late 2019 the frequency of ransomware attacks rose 38% in a single quarter.
Understanding cryptocurrency and its link to ransomware
Anyone familiar with the Hollywood kidnapping canon knows that ransoms are always demanded in cash – specifically unmarked bills. It’s understandable then to think ‘if I need to transfer money electronically, surely it can be traced?’
Unfortunately this is not the case.
After the Bitcoin bubble of late 2017 many are aware of cryptocurrency as a concept. The key takeaway is the way that Bitcoin, Ethereum and other cryptocurrencies work – a blog for another day – makes them entirely untraceable. Ransomware actors thus demand their money in cryptocurrency form, ensuring they get away with the crime. It’s the most impersonal and in many ways lazy of ransom schemes – send out endless emails, and wait for the payments to roll in.
Protecting against and dealing with ransomware attacks
So how do you ensure you don’t become one of the growing number of ransomware victims?
Firstly, prevention is always better than cure. It’s becoming increasingly likely that you’ll be sent a suspect email, so it’s up to you to educate yourself and your team on security basics. Never open an email attachment sent from an unknown address, and never provide personal details when answering an email, message or unsolicited phone call.
You should also bolster your system security by:
- Ensuring that your email provider has strict malware and bad actor detection policies in place.
- Filtering all emails and scanning all content before it gets to team members.
- Ensuring that your antivirus software is up to date.
- Maintaining a strong firewall.
- Ensuring all systems and software are up to date with the relevant patches.
- Using a trustworthy virtual private network (VPN) when accessing business systems on public internet.
These contingencies should be enough to stop the majority of attacks, but if one were still to occur, there are a couple of things that will help to ensure that the situation doesn’t get out of hand:
- Keep a secure backup of all files: If access is blocked to important information, it’s a matter of having a suitable back-up procedure and restoring your files from a backup. Cloud-based software and systems now back up automatically, neutering many ransomware attacks.
- Never pay the ransom: Payment only serves to encourage and fund the attackers. By paying you’re also telling them that you’re an easy mark, opening yourself up to more attacks in the future.
- Create a recovery plan: A business should create a ransomware attack recovery plan that deals with both the technical side (restoring backups, cleaning PCs, etc.) and the human side (explaining the situation to your customers, suppliers, authorities, insurers and the public).
It’s tempting to label ransomware attacks as something that happens to other businesses. The data, however, says otherwise; this type of cybercrime is becoming more and more prevalent, and a tsunami of attacks, say experts, is expected soon.
It’s therefore vital that your organisation undertakes a full cybersecurity audit; that it prepares for what is increasingly becoming inevitable.
And with an expert team of cybersecurity professionals, at OneCall we can help you to do just that.