As an ISO27001 accredited business, we live, breathe, and sleep global standards when it comes to information security. Part of our commitment to protecting our customers data involves alerting and educating businesses just like yours; we want to help your business avoid financial and reputational damage, by keeping your information secure.
This article focuses on ransomware, which continues to see record growth throughout 2017. In May this year reports broke of the largest outbreak we’ve seen yet. Both the UKs biggest hospital group and and Spain’s largest telecoms companies were victims of an attack which reached 150 countries. Read on for guidance on what to look out for, current state of play, prevention and recovery.
How to spot a ransomware attack
Most commonly, a ransomware attack will enter your company’s network appearing as an email attachment. The content might ask you to “act quickly”, or to make an invoice payment for example – then direct you to open the attachment. The attachment will then exploit any vulnerability in your network’s operating system which could start an encryption process.
Other methods by which ransomware ‘payloads’ can be delivered include remote control applications and remote access. If your business needs to use these kinds of applications, ensure strong credentials and two-factor authentication are used where possible and that the application itself is kept updated.
Ransomware is still clearly dominating the world of security; on the increase are not only numbers of attacks demanding more money from businesses, but levels of sophistication when it comes to how methods are distributed. To make matters worse, new compliance mandates are putting even more financial pressure on businesses despite the fact data may be recovered or the victim has to pay a ransom.
To give you an idea of why it’s imperative to protect your business, here are a few key stats that reflect the current state of ransomware play:
One business hit with ransomware every 40 seconds
No business is immune from a ransomware attack. Last year the number of attacks tripled, from one every two minutes in Q1 to one every 40 seconds by Q3. This staggering increase indicates that there are more criminals who are developing targeted campaigns, setting their sights on bigger gains.
Ransomware accounts for 6 out of 10 malware payloads
Whether via email spam email or exploit kit, if your business was infected in Q1 2017 it was most likely from ransomware. Researchers from Malwarebytes say approximately 60% of malware payloads were ransomware – the rest being a mixture of ad fraud malware plus small traces of everything else.
New ransomware variants increase by 4.3 in Q1 2017 from Q1 2016
When it comes to creating new ransomware, criminals have never had it so easy. There are now also fewer and fewer entry barriers to stop anyone who fancies a go at digital extortion; the rise of ransomware-as-a-service-model means it’s now easier than ever for amateur cyber criminals possessing the most base technical knowledge to customize and launch their own attack. Novices are also cottoning on to mimicking the more established ransomware families, more often than not with sloppy and error-prone results.
IT / Telecoms and Finance are among the top 5 sectors to have been attacked
Whilst there will always be some industries that are targeted more than others, no industry is immune. Over 20% of organizations in the Education, IT/Telecoms, Entertainment/Media, and Financial Services sectors have been recently hit. In the past year alone, IT service provider Intermedia reported that 48% of IT consultants experienced increases in ransomware-related support enquiries, across customers in 22 different industries.
For more stats and facts on today’s ransomware landscape, head over to Barkly.
Next up are some top tips for businesses’ on preventing and recovering from a ransomware attack, as recommended in the ICO’s Guide to IT Security
- Ensure your business has basic technical cyber protection measures in place to protect against malware. And that it is regularly updated
- Check all devices have the latest security patches
- Remove unused and unnecessary user accounts (eg as guest admin accounts) and restrict user rights to what is absolutely necessary
- Disable or remove or disable unnecessary software and reduce potential routes of entry available to ransomware
- Limit the damage you suffer if you are attacked by segmenting your network
- Protect your back-ups from being encrypted – make sure you have both offsite and offline back-up
- Train your team to recognise a ransomware attack in case it manages to get past your anti-malware protection
- Be sure to have an effective back-up process and policy in place that is fully working
- In the event of a successful attack, make sure the back-up will not be encrypted
- Test your back-ups regularly to ensure you can recover from a ransomware attack
- If attacked – once you have removed the ransomware, ensure a full penetration test and security scan is carried out on your systems and network. Don’t forget attackers may have gained other access that might have gone undetected, if they were able to get the ransomware onto your systems
To ensure your company’s information is secure and protected from cyber attack, contact us today.
And if you like what you’ve seen so far from IZEN, now’s your chance to make sure you never miss out. Opt in to receive bite-size blogs, video guides, partner success stories, and slick infographics on account based marketing, data management, and revenue generation. Not to mention the hottest industry updates, as well as what’s going on behind the scenes here at IZEN.