Ransomware is not going away. Why would it, when it is such a lucrative earner for cyber criminals? Businesses in the UK need to be alert, and we mean all businesses. A series of slides from the Gartner Security & Risk Management Summit in the US reminded us of ransomware’s devastating effects and that we all need to prepare for an inevitable attack.
It’s a worldwide problem, with the wealthiest countries leading the way. The US is home to more than half of the world’s ransomware victims*, followed by Canada, with the UK in third place. Despite China having the 2nd highest GDP ranking, it misses the ransomware victim top 10, sitting in 14th place, and Russia appears to be clear of ransomware attacks altogether. As a UK supplier, though, we are interested in UK businesses, and while the US soaks up the brunt of the attacks, the UK is clearly on the watch list.
The global average percentage of businesses paying hackers to retrieve data due to a ransomware attack was 58%** in 2021. In the UK, that rises to 82% - the most in the world - so it is clear to see why cyber criminals would target us! Research found more than three-quarters of UK businesses were affected by ransomware last year, with phishing being the lead go-to way into corporate networks.
Again, there is no such thing as a typical target. You cannot rest on your laurels thinking that your business will not be of any interest to cyber criminals. Cyber security company Abnormal cites manufacturing as the most vulnerable business type, with retail in 2nd place and business services in 3rd***.
While equivalent figures focused purely on the UK do not seem to be available, hacking attacks that hit the news in 2022 and 2021 have affected schools in the Isle of Wight, cut-price retailer The Works, the British Army’s online recruitment portal, ferry company Wightlink, Gloucester City Council, a kettle parts firm on the Isle of Man, and the Scottish Association for Mental Health. These are just the ones that have been reported on. No business type is immune.
One of our most popular blogs to date is still The Motivations of a Hacker from 2017! We get readers from across the world, potentially from victims trying to understand why they have been targeted or hackers who like to read about themselves. Let’s be clear here. Hacking is a crime and the motivation for ransomware is money. This is what sets ‘hackers’ apart from other bad actors.
- Hackers – look for financial gain, plus personal advantage, professional revenge or an edge on other hackers
- Insiders – look for personal advantage or revenge
- Hacktivists – look to force a change, throw the spotlight on a cause or ruin a business or organisation’s reputation
- Nation states – look to disrupt critical infrastructure for economic, political and military advantage
While remote attacks on servers, remote desktops, USBs and other removable media devices, misconfigured cloud instances and third-party contractors all play their part, email phishing is still the chief villain when it comes to delivering ransomware. Gartner reports that 45% of computer ransomware attacks originate from a phishing email. These emails often use tried and tested templates to encourage employees to click on a link.
The top five*** were:
- Voicemail from unknown caller
- Parcel arrival notice
- Urgent email password change required
- Deactivation of an old OneDrive account
- Missed Zoom meeting
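To show how a list of lure templates like the one above can be turned into a simple gateway-side triage rule, here is an added Python example; it is not swcomms’, Gartner’s or Abnormal’s code. The five lure categories are the ones listed; the regular expressions, the risk scoring, the `corp.example` mail domain and the mail-gateway log lines are all constructed assumptions for illustration.

```python
"""Triage inbound e-mail subjects against common ransomware phishing lures.

Added example (assumption-based): the lure names follow the five templates
listed in the article; the patterns, scoring, domain list and log lines are
constructed here and are not taken from any vendor or product.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One rule per lure template: (lure name, subject pattern). Constructed patterns.
LURE_RULES = [
    ("voicemail", re.compile(r"\b(voice ?mail|voice message)\b", re.I)),
    ("parcel", re.compile(r"\b(parcel|package|delivery|shipment)\b.*\b(arriv|notice|waiting|held)", re.I)),
    ("password", re.compile(r"\bpassword\b.*\b(change|expir|reset|update)"
                            r"|\b(change|expir|reset|update)\w*\b.*\bpassword\b", re.I)),
    ("onedrive", re.compile(r"\bonedrive\b.*\b(deactivat|suspend|clos)", re.I)),
    ("zoom", re.compile(r"\bmissed\b.*\bzoom\b|\bzoom\b.*\bmissed\b", re.I)),
]
# Pressure language that lure e-mails lean on to rush the reader.
URGENCY = re.compile(r"\b(urgent|immediately|action required|within 24 hours|final notice)\b", re.I)

OUR_DOMAINS = {"corp.example"}  # constructed: the organisation's own mail domain(s)

# Constructed mail-gateway log lines in a key="value" format (not real product output).
LOG_LINES = [
    'ts="2022-06-01T09:12:03Z" from="noreply@voicemail-notice.example" to="jo@corp.example" subject="New voicemail from unknown caller"',
    'ts="2022-06-01T09:15:44Z" from="it@corp.example" to="jo@corp.example" subject="Reminder: Friday team lunch"',
    'ts="2022-06-01T09:20:10Z" from="support@onedrive-alerts.example" to="jo@corp.example" subject="Your old OneDrive account will be deactivated"',
    'ts="2022-06-01T09:31:57Z" from="helpdesk@corp.example" to="jo@corp.example" subject="Scheduled Zoom meeting: Q3 planning"',
    'ts="2022-06-01T09:40:22Z" from="security@account-verify.example" to="jo@corp.example" subject="URGENT: email password change required"',
    'ts="2022-06-01T09:52:08Z" from="tracking@parcel-update.example" to="jo@corp.example" subject="Parcel arrival notice - action required"',
]


@dataclass
class Verdict:
    lure: Optional[str]  # which lure template matched, if any
    urgent: bool         # urgency language present in the subject
    external: bool       # sender domain is not one of ours


def parse_log_line(line: str) -> dict:
    """Parse one key="value" log line into a dict (quoted values only)."""
    return {m.group(1): m.group(2) for m in re.finditer(r'(\w+)="([^"]*)"', line)}


def classify(fields: dict) -> Verdict:
    """Match the subject against the lure rules and note sender origin."""
    subject = fields.get("subject", "")
    sender_domain = fields.get("from", "").rsplit("@", 1)[-1].lower()
    lure = next((name for name, rx in LURE_RULES if rx.search(subject)), None)
    return Verdict(lure=lure,
                   urgent=bool(URGENCY.search(subject)),
                   external=sender_domain not in OUR_DOMAINS)


def risk(v: Verdict) -> str:
    """Constructed scoring: a known lure from outside the organisation is high risk."""
    if v.lure and v.external:
        return "high"
    if v.lure or (v.urgent and v.external):
        return "medium"
    return "low"


def triage(lines) -> list:
    """Return [(timestamp, risk, lure)] for every line, highest risk first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = []
    for line in lines:
        fields = parse_log_line(line)
        verdict = classify(fields)
        rows.append((fields.get("ts", ""), risk(verdict), verdict.lure))
    return sorted(rows, key=lambda row: order[row[1]])


if __name__ == "__main__":
    for ts, level, lure in triage(LOG_LINES):
        print(f"{ts}  {level:<6}  {lure or '-'}")
```

The point of the example is the shape of the rule, not the exact patterns: subject-line lures are cheap for an attacker to vary, so a list like this belongs in the mail gateway as one signal among several (sender reputation, link rewriting, attachment sandboxing), and the output is a prompt for the IT team to check the message rather than a verdict on its own.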
It is imperative that your employees are alert to phishing emails and, if they are in doubt, do not click on a link they are unsure of. At swcomms, we send them to our IT department to check over. Better they spend five minutes checking an email than the business suffers the 20 days**** of disruption that a ransomware attack can cause.
According to our security partner, Sophos, businesses only generally recover 65% of the data that has been held to ransom. Only 8% of ransomware victims recover all their data and 29% recover no more than half their data. This means your business cannot work properly. Financial loss and a damaged reputation are also sure to follow.
As mentioned before, it seems UK businesses just want to get their data back and are more willing than any other nation to pay for it. Proofpoint report that some businesses had to pay extra ransom on top of their first payment demands to get their data while others refused to pay and gave up on ever accessing their data. The National Cyber Security Centre advice is to not pay the ransom as there is no guarantee you will get your data back and you are more likely to be targeted in the future. No-one wants to give money to criminals if they can help it, not to mention you will be directly funding criminal activity by doing so.
Assume you will be a victim and make a plan
This is an important step in the battle to prevent ransomware. If you believe it will happen to your business, you will bring it to the board’s attention and make a plan. Without a plan in place, you will neither have taken steps to protect yourself nor know how to react if or when the worst happens.
Backup, backup, backup…and prepare for your recovery
We cannot reiterate this too much. If you have backed up your data, ransomware will hurt your business far less. However, you need to ensure the data you try to restore is clean before landing yourself in a new mess. Restoring data can take a while, so you need to be very clear on how often you want your data to be backed up and how long you can wait to access it again. Not all backup products are the same, so a 20-day disruption is a very real prospect. Veeam’s Ransomware Trends Report 2022***** found that most businesses took longer than a week to complete an entire recovery process, with some taking between two and four months.
Protect your business from malware
Ransomware is a type of malicious software, or malware, so you need to make sure your business is protected using website, content and email filtering solutions. These should run in tandem with firewalling to secure your network, along with multi-factor authentication (MFA) to protect your employees’ credentials from being stolen and reused. You must also make sure all your security patches and software versions are up to date, and keep an eye on user permissions. Any remote workers need to use a secure virtual private network too. It feels like an endless shopping list, but these are critical for ransomware protection. You will no doubt have some or all of these in place already.
Educate your staff to spot a phishing email
We all think we are tech savvy, but it is so easy to get caught out if you are in a hurry. There is training available for this if your IT team are too stretched to deliver this kind of guidance. Your staff really should know about phishing emails. Do not assume they will know what to look out for because it will probably be too late once they have discovered the tell-tale signs!
Ask for help
If your IT team isn’t big enough to address the threat of ransomware or you do not have an IT team, ask for help. We can assess a business’s vulnerabilities and give you a traffic light-style report to highlight what you need to fix or improve. We can supply all the hardware and software you need, and we can look after your IT needs on a day-to-day basis too. We can also offer cyber security training to educate your staff and to prevent them clicking on a potentially dangerous link.
Please do not hesitate to contact us to ensure ransomware does not cripple your business in 2022 and beyond.
*The Evolution of Ransomware: Victims, Threats Actors, and What to Expect in 2022 by Abnormal
**State of the Phish 2022 by Proofpoint
****Ransomware Q4 2021 report by Coveware
*****Ransomware Trends Report 2022 by Veeam