Tall, dark and… ransom

Greig Schofield, Technical Director at Netmetix, explores the murky world of ransomware attacks and shows how organisations can protect themselves against this growing problem.

  • 6 years ago Posted in
Call me a romantic but I’ve never believed that the stereotypical tall, dark stranger was limited to the world of fairytale.  For businesses in the digital age, a modern-day version is both an everyday reality and a recurring nightmare. Ransomware attacks – perpetrated by faceless, shadowy strangers – are no longer a tall story, they’re rife. Cyberspace is loaded with professional predators waiting to pounce, armed with malicious software to lure their prey. And instead of sweeping you off your feet, they’ll close down your business and drain your bank account. Welcome to Malice in Cyberland – the fairytale gone wrong. So how do you avoid falling down the rabbit hole? There’s plenty you can do to protect yourself.

First, let’s gaze through the looking glass and examine the size of the problem. Sadly, cybercrime is increasing. The number of high profile attacks grew in 2017 and is tipped to increase further in 2018 – why? The digital revolution, fuelled by the rapid adoption of Cloud and IoT, has created a perfect storm for cybercriminals – increasing the number of potential targets for hackers as they seek to exploit insecure devices through the back door. And as technology becomes more sophisticated, so too do criminals’ methods of attack. The impact is significant.  The World Economic Forum’s Global Risks Report 2018 claims that only extreme weather incidents and natural disasters are likely to cause greater disruption than cyber attacks in the next five years.

Improvements in cybersecurity mean that most attacks can be prevented. However, a worrying number of businesses remain vulnerable. Worse still, research from Computing found that 31% of UK organisations are likely to pay up if they experience a ransomware attack – a 6% increase on the previous year. The fear is perhaps understandable. Yet much of it is due to limited understanding of what ransomware actually is and, crucially, a lack of awareness that there are tools and processes that can significantly reduce the risk.

In simple terms, ransomware is malicious software (malware) that takes over a computer or system and encrypts data so that it cannot be accessed. The hacker subsequently demands money – ranging from hundreds to thousands of pounds – to decrypt the data and restore access. The ransom naturally increases with time but aside from the fee, an attack can significantly impact business continuity and, in the worst extremes, destroy a business altogether. Moreover, whilst most cyber criminals treat decryption as a professional business transaction, some make it impossible to restore data even after a ransom payment has been made.

Protecting against cyber attack: a five-step guide

So what can you do to mitigate the risk? In the UK, the government-backed scheme, Cyber Essentials, describes a cyber attack as the ‘digital equivalent of a thief trying your front door to see if it’s unlocked’ – and sets out a series of measures that organisations can adopt to protect themselves against it. The scheme, which leads to two tiers of Cyber Essential accreditation, provides a good basic framework for safeguarding a business. It identifies five technical controls that encompass the key aspects of assuring cyber security.

#1. Secure your Internet connection

This is a straightforward case of making sure your back door is bolted shut. Your internet connection is the gateway to your business – the way into all the sensitive data that makes your organisation tick. Despite this, it’s surprising how many companies still rely on primitive broadband systems to power their services. Securing your internet connection is a fundamental requirement of cybersecurity. This means embedding robust firewalls and, where necessary, enhancing them with core perimeter devices – unified threat devices – to prevent intruders from getting in.

#2. Secure your devices and software

This is about securing individual PCs, laptops and mobile devices. It begins with establishing a robust system for login authentication and ensuring passwords are strong and inscrutable. It also encompasses data encryption to make sure that information on laptops and devices that are likely to be used outside the office setting is adequately secure.

#3. Control access to your data and services

This is a crucial component that is specific to your business – there is no a one-size-fits-all solution. Assuring control of access to your data and services is all about establishing permissions – determining which employees can access, read and edit files. It’s a complex process that requires a granular understanding of your data, your organisation and how everything knits together to fuel the delivery of services. Moreover, it’s hugely important. Hackers will target the weak points in your infrastructure and can quickly exploit the slightest vulnerability. They thrive on ‘lateral movement’, meaning a hack of any unprotected device can piggyback them into adjacent systems and networks that contain more valuable data.  The key to controlling your data and services is to reduce access as much as possible, thereby reducing the threat landscape. It’s not an easy task.

#4. Protect from viruses and other malware

The majority of businesses now have antivirus (AV) protection. However, as we’ve already established, with the methods of cyber attack now increasingly sophisticated, AV software cannot stand still. It’s important to understand the distinction between ‘advanced persistent threats’ and ‘zero day attacks’. Persistent threats – those that have been seen before – are recognisable to most AV programs. However, zero day attacks – new and unfamiliar viruses and malware – are becoming more prevalent. Standard AV software is unlikely to spot it. At the base level, this threat alone underlines the importance of educating employees to be vigilant. It’s vital that everyone in an organisation understands the risks and recognises – and reports – unusual behaviour.

#5. Keep your devices and software up to date

The final control is common sense – yet it’s surprising how many companies operate systems and software that is out of date. However, if your software is not up to date, a hacker will quickly exploit it.  This once again exposes businesses to the damaging threat of lateral movement.

Safety in numbers: don’t try to do it alone

These five technical controls are a great start-point for businesses, but addressing them must be more than a tick-box exercise. Cyber Essentials accreditation is a worthwhile pursuit – and it can reassure customers that a business takes cybersecurity seriously. However, it’s possible to achieve first tier accreditation and still leave your operations exposed if you don’t go beyond the basics. It therefore pays to work with a technology partner that understands the nuances of cybersecurity and can configure your infrastructure so that all the intricacies of your business are properly protected.

A good partner will work with you to develop a forensic understanding of all your data points to build – and execute – a roadmap that delivers the greatest possible protection. They’ll have experience in deploying the full gamut of cybersecurity solutions such as firewalls, Intrusion Detection Systems and Unified Threat Devices – and can match those technologies to your real-world needs. Moreover, as cyber criminals’ modus operandi changes and types of malware evolve, they’ll be cognisant of the fluctuating threat landscape and be able to provide best practice advice to thwart it.

The threat of ransomware attacks is not a fairytale – it’s an unfortunate reality of modern business. But with a robust strategy underpinned by good technology and sound advice, much of it is entirely avoidable. Protecting your business doesn’t have to cost you a King’s ransom. But if you fail to do it properly, you might end up paying a high price.

By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.