
The atom bomb of ransomware explodes, but what is ransomware and how can you avoid it happening to you?

 

It’s the “atom bomb of ransomware”, said Rohyt Belani, the chief executive of PhishMe. But that’s the thing about weapons of mass destruction: whether they are digital or physical, they can backfire.

The WannaCrypt worm, which forms the ransomware that is having such a devastating effect worldwide, including on Britain’s NHS, was first identified by the NSA, and that’s where it all went wrong. The US National Security Agency found it after uncovering a bug in Microsoft’s SMB file-sharing services and used it to spy on targets, but then lost it: someone stole it. A group called The Shadow Brokers claims to have been behind the theft.

And now that it has been combined with ransomware, someone, or some shady organisation, is demanding $300 to $600 per computer to restore all documents that have been infected by the worm. If this was an Ian Fleming book, we would call it Spectre.

Edward Snowden blames the NSA, arguing that if, instead of trying to turn the bug it found to its advantage, it had disclosed the flaw to Microsoft and to the cyber security industry, all of this could have been avoided. There must be a lesson in that.

The ransomware is dominating media headlines worldwide, but then the writing has been on the wall for some time.

In Q1 of 2016 there were 31 million attacks blocking access to traffic. By Q2 that number had increased to 137 million, and then to 204 million in Q3 and 266 million in Q4.

Earlier this year Fresh Business Thinking interviewed Florian Malecki, SonicWall’s International Product Marketing Manager.

SonicWall estimates that there is $2 billion of potential to be made by what it calls the ‘bad guys.’ They may require payment before giving you access to your own data. And Florian told us that: “These days, if you want to make money illegally, and you think selling drugs or robbing a bank is a tad risky, there is always the dark web, you can find companies that will act on your behalf, ‘hacking as a service.’”

He added: “People assume ‘It won’t happen to me.’” Well, it has now happened in almost 100 countries. It has taken an attack on a massive scale, but ransomware is no longer some obscure danger, like a rare disease that only happens in remote corners of the world; it is affecting our beloved NHS.

In fact, earlier this year, research from Timico, a cloud service provider, claimed that there was “an alarming lack of awareness concerning companies being prepared for ransomware attacks, with 84 per cent of small to mid-sized UK businesses having no official ransomware policy to guide employees on what to do in the event of an attack.”

Presumably, they know about it now.

But what steps can you take to avoid a ransomware attack?

Steve Harcourt, Senior Information Security Consultant, Redstor, told Fresh Business Thinking readers that experts suggest “that the number one action that all companies should take to protect themselves is to schedule regular point-in-time backups. Merely replicating data and services to another location for the purposes of resilience may just result in a quick replication of an infection.”

TIMICO’S TOP TIPS TO PREPARING FOR (AND PREVENTING) A RANSOMWARE ATTACK
 
Get senior stakeholder buy-in, so all company ransomware prevention and response policies are communicated and enforced from the top.

Be proactive with your backup policy, and above all test on a regular basis.

Educate your users not to open or click on suspicious-looking emails or attachments.

Up-to-date antivirus software should be considered essential.

Don’t get complacent – audit your historic backups, imperative if you have a multi-vendor solution in place.
 
Understand your Recovery Time Objective (RTO) i.e. how long can you afford to be down for?

Understand your Recovery Point Objective (RPO) i.e. how much data can you afford to lose?
 
Encourage your users to keep their work and personal data and apps separate.
 
Don’t pay the ransom! It’s still highly unlikely you will get your data back, or if you do it will be in an unreadable format.
 
Do report the crime to the police; many don’t, and as such attacks go under the radar… don’t let cyber criminals get away with it!

 

The lesson was painful, but has it been learnt? Time will tell.