The Effect of Ransomware on Businesses & Organisations, July 2017
In recent months, concerning reports have emerged of the escalation of ransomware attacks hitting businesses and organisations, especially within Europe.
Ransomware has grown steadily since 2013, with estimates that attacks will double in 2017 compared with the previous year. In July 2016, Cisco declared that ransomware is now the most profitable malware in history. The attacks succeed because cyber criminals have discovered how profitable and effective a ransomware attack can be, while allowing the attackers to remain relatively ‘anonymous’.
In 2016, the FBI suggested that over $1 billion was lost to ransomware globally. What is most concerning is that the UK seems to be the biggest target for attackers. Security company Malwarebytes conducted a survey in which they found 54% of businesses were affected by some form of ransomware. Of the 54% of businesses infected, 58% paid the ransom, while 28% of those who didn’t pay lost their business data.
Downtime plays a large part in why ransomware is so effective. A majority of enterprises that have been affected said their business lost between $5,000 and $20,000 a day. It is no shock then that 96% of UK businesses are concerned that they are not prepared for a ransomware attack on their infrastructure.
The most notorious ransomware attack was ‘WannaCry’, which occurred earlier this year and brought down many organisations. Shockingly, many public health sector organisations across Europe, including parts of our NHS, were made primary targets of the WannaCry attack. In the UK, the WannaCry attack resulted in appointment and surgery cancellations, and in clinics temporarily reducing their services by giving ‘exclusively emergency appointments’ only to those in the most critical need.
Three weeks prior to the WannaCry attack on the NHS, DeepSecure warned that the NHS was vulnerable to a ransomware attack. DeepSecure concluded that legacy hardware and software could potentially allow zero-day exploits such as ransomware, which would be detrimental to the organisation considering the large scale of the NHS infrastructure. NHS Digital also reported that malware attacks went up from 16 in 2015 to 55 in 2016. It would appear that the failure to invest in modern security measures, including the most basic of upgrades to a newer OS, allowed WannaCry to spread throughout the NHS system.
A ransomware attack spreads when an ‘unsecure’ file or device is opened on a computer connected to a network. Once the device is connected, the attack spreads quickly through the network, with little ability to stop it. WannaCry is an example of ransomware being ‘suppressed’. A researcher who goes by the name MalwareTech found a ‘killswitch’ by examining the structure of the WannaCry virus. MalwareTech found that the ransomware was connected to an unregistered domain, and by purchasing this domain stopped the ransomware from spreading. Even though the spread was halted, the computers that were already affected remained encrypted.
ESET conducted a survey of small and medium-sized businesses. The survey showed that SMBs are the organisations most susceptible to ransomware and phishing. Most small to medium-sized businesses do not have a reliable safeguard against these attacks, leaving them prime targets. An attack could leave these businesses with lost data, lost time and a loss of client trust.
IT specialists generally suggest you should not pay the ransom, as it doesn’t guarantee your files will be retrieved successfully. Paying the ransom will also make you a prime target for another ransomware attack in the future.
The best form of ransomware prevention is for businesses to remain ‘proactive’, working on the assumption that their infrastructure will be breached by cyber criminals. We encourage all SMBs to:
- Invest in a data protection plan which protects from ransomware
- Create a cyber security plan
- Invest in security software
- Upgrade from legacy software
- Remain up-to-date on all software patches, including OS updates
- Upgrade unsupported hardware
- Avoid connecting untrusted (storage) devices to any computer connected to a network
At Cloud Central we encourage all our clients to invest in the latest data protection solution, which creates continuous data backups. The solution should also have ‘intelligent layered’ security built in to prevent ransomware. We recommend this because it provides the company with recent backups, so that work can be reinstated without delay, and protects the backups from being encrypted by the ransomware attack.
To learn more about what your business can do to prevent cyber criminals crippling your business, get in touch with one of our experts.