A ransomware attack occurs when hackers gain control of IT systems or data and then demand payment to unlock them.
Ransomware rates have doubled in the UK
- There were 6.4m UK ransomware attacks during the first half of 2019
- 32% of UK businesses experienced a ransomware attack in 2019. The average associated cost in terms of lost data or assets was £4,180.
- Malware, including ransomware represents 27% of all attacks on businesses
- In one week alone, over 14 million emails containing Locky ransomware were sent to potential victims. Hackers are said to adopt a 'spray and pray' approach.
Malware (such as Cryptolocker, Cryptowall, and so on) is sent via phishing emails. When the recipient clicks on a link, the information on their computer is encrypted, effectively locking them out until the ransom is paid.
Case study: Travelex and Sodinokibi
Following a ransomware attack on New Year's Eve 2019, currency exchange bureau Travelex is fighting to restore normal operations and manage the disruption.
Its systems were initially taken offline as a precaution, supposedly due to a software virus, but on 7 January, it confirmed that it had been affected by the Sodinokibi (aka REvil) ransomware. Whilst its online money service was out of action, staff were forced to use pen and paper to serve customers!
Reports by the BBC alleged that hackers demanded a £4.6m ransom in return for the release of the firm's encrypted data.
Travelex has been criticised for lack of information and insists that there is no evidence that "structured personal customer data" has been encrypted.
Presumably, this explains its bold (or, should that be, foolhardy) decision not to report the breach to the ICO within the prescribed 72 hours, despite those behind the attack threatening to release customer data online. Cybersecurity experts and consumer groups are unimpressed:
Travelex and other retailers must urgently provide as much clarity as possible because many customers are worried and some have been left high and dry and unable to access the money they have ordered. See the BBC Travelex Twitter Post— Which? (@WhichUK) January 8, 2020
- Carry out regular security testing - with internal and external specialists to identify known vulnerabilities.
- Listen to the experts and act swiftly - It emerged that Travelex was one of a number of organisations warned about the vulnerability of Pulse Secure VPN by security experts and the National Computer Security Centre (NCSC) back in September 2019. If only…
- Make sure staff know how to escalate potential breaches and can identify relevant contacts - so you can quickly ascertain whether a breach has occurred.
- Develop an incident response plan - to ensure relevant information is collected about breaches, including the numbers of categories and records that are affected, relevant people (including internal and external specialists) are informed, and document the measures you have taken and any remedial action, etc.
- Be open and transparent by providing timely information to all those individuals who are affected to minimise their distress - in this case, it took Travelex more than a week to issue a press release on its website. Customers were kept in the dark, unable to top up pre-paid currency cards, during which time banks and other third parties insisted it was purely an IT issue. No information only leads to speculation.
- Show empathy - Travelex was criticised for focusing too much on its share price and not enough on the plight of customers.
- Remember, it doesn't have to end badly if you handle it well - according to cybersecurity expert Kevin Beaumont, Norsk Hydro actually saw its share price rise as a result of its transparent communications in a more serious ransomware attack.
- Don't delay in reporting breaches or wait until you get all the facts - instead, make an initial report and follow up with additional information as it becomes known. Remember, under the GDPR, notifications of serious breaches must be made within 72 hours.
- Focus on operational resilience - e.g. by keeping backup copies of data and systems and developing secondary systems to maintain business as usual in the event of a disruption
6 tips for reducing ransomware attacks
If there is one key learning from the Travelex experience, it has to be that the best advice is to reduce the risk of data breaches rather than deal with the consequences. With that in mind, here are our top tips on how you can reduce the risk of a ransomware attack.
- Be vigilant when dealing with unsolicited emails - Most malware is sent via phishing emails, so don't click on any links, no matter how genuine they may seem to be.
- Comply with your company's backup policies and schedules - Back up any files and data you regularly use, ideally to an offline storage device, so it doesn't get encrypted too. You will be better protected from the fallout of ransomware attacks if you can restore your systems as soon as possible.
- Adopt a 'layered approach' to security - by making full use of anti-virus, firewalls and web filters to help minimise the risk of ransomware attacks.
- Keep anti-virus and other critical software up-to-date - Hackers often exploit known vulnerabilities, so be sure to always download patches and updates immediately as soon as they become available. Where possible, configure all computers to download and install updates automatically so this isn't overlooked.
- Check privileges and access rights - Malware executes with the same privileges and access rights as whoever executed it. So, if someone with 'administrator rights' executes ransomware, the code will lock down whatever data they have access to. The greater the access rights, the bigger the impact. Check user privileges regularly and only grant access to data parts of the system on a 'need to know' basis.
- Don't pay up - No matter how tempting it may be! There are no guarantees that you'll get your data back or that hackers won't leave other malware behind. Indeed, experts warn that paying up simply makes you and others more of a target in future.
Want to learn more about Information Security?
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.