Ransomware. The very word reminds you of old-fashioned kidnapping without the murder threat.
You or your employer are far more likely to be a victim in the next 12 months than to be hit by lightning or to suffer some other natural disaster. The nature of the attack vector has changed and become far more insidious.
Types of ransomware
There are three main types: one that just locks a user’s screen and demands a ransom, another that encrypts data a user has access to, and a newer, far more threatening variant that locks corporate databases and systems.
A recent attack in June 2019 knocked out the privatised forensic services of police forces in the UK and other European countries. The company’s European HQ system was attacked, and the effect severely interrupted work, including at its UK Eurofins Lancaster Laboratories.
The company paid the ransom – it didn’t have adequate recovery options in place. There is now a 2-month backlog in processing forensic evidence in criminal investigations.
Criminals are getting more selective and demanding
Ransomware first came to attention when unsuspecting users picked up a computer virus either by opening an email attachment or by browsing a malicious site that appeared innocent.
Those attacks were directed at individuals and demanded a relatively small sum of money as ransom to unlock the screen or decrypt the user’s data.
Now it seems that criminals are profiling corporate targets and identifying those that can pay a much larger ransom. Eurofins is an example of a company where potential high-profile PR damage can quickly persuade the board of directors to pay whatever it takes.
The NHS, too, suffered an attack in 2017, as assessed by the National Audit Office report. The attack technology used looks distinctly old hat now compared with the Eurofins attack.
The stakes are rising – what can you do to alleviate a ransomware attack?
Users nowadays are more savvy and internal IT security departments have hammered best practices into people’s daily routines. You are less likely to find passwords scribbled on Post-it notes on computer terminals, or employees opening email attachments in unexpected inbound communications.
That said, such security awareness training must continue. Criminals are adept at phishing techniques and social engineering. People still post too much personal info on their Facebook pages – how many of your FB friends happily publish their birthdays or even date of birth?
The only sure defence against ransomware is a robust backup and recovery process. The problem is that, while that’s achievable at the level of a single computer or even a small company network, it’s a mammoth task for a large distributed enterprise or government IT system. It is perhaps impossible to guarantee 100% recoverability without paying a ransom.
Expect more headlines involving large corporations. It’s probably happening right now but being kept under wraps.
Meanwhile, there are some steps that you yourself can take at home, at work and while travelling.
Read this summary from the UK’s National Cyber Security Centre, “Protecting your organisation from ransomware”. There are also practical tips from Europol, and what the FBI recommend for Corporate Information Security Officers.