Ransomware is still on the rise, hitting a variety of targets in 2017 already, from an Austrian hotel where hackers blocked access to guest data, through to vast numbers of open source database users, and even Devon county council, which had critical and confidential records (including their allotment waiting list) ransomed.
Overall the incidence of ransomware malware increased by 267 per cent from January 2015 to November 2016, and a recent study by Citrix found that almost half (42 per cent) of large British businesses have experienced a cyber-criminal demanding a ransom payment. Almost two thirds (61 per cent) of those organisations paid out a ransom as a result.
We hear predominantly about large businesses and public sector being attacked, but there are scores of SMEs that are also under threat. Businesses may be asking both “how” and “why” this has happened, and there are several factors.
Firstly, more sophisticated strains of the original malware, like Cryptolocker and Locky, have been developed in response to criminal demand.
These new strains are harder to remove, often impossible for Anti-Virus software to detect, and also are readily rentable via the Dark Net, so that criminals with little technical knowledge have been able to create ransomware attacks.
Secondly, the sheer volume of attacks has rocketed, as serious career cybercriminals deploy vast botnets to bombard businesses with spam.
Phishing emails with malicious attachments, which pose as invoices, job applications or even family photos, are the main cause of infection. Volumes of spam are at their highest volumes since mid-2010 as a result.
Victims of ransomware often feel they have no option but to pay up, faced with either lost customer databases and costly downtime versus a relatively small Bitcoin payment.
In fact, Datto’s State of the Channel Ransomware Report found that seven per cent of IT service providers report that when businesses pay up, they have not received their data back. The average ransom requested is typically between £400 and £1,600.
However, ten per cent of IT service providers reported that they have seen ransoms of over £4,000. Data retrieval can sometimes be just the tip of the iceberg too – downtime can cost companies around £29,829 per hour, according to industry analyst Gartner’s figures.
So what can businesses do to mitigate this issue? The good news is that a combination of best practice and due diligence can help:
One of the first places to start is with people rather than technology, by educating employees. Ensure everyone is aware of the potential threats of opening unsolicited email attachments.
Invest in AV
Get a reputable anti-virus solution, and ensure that it auto-updates. Although criminals are constantly updating and tweaking their malware to evade anti-virus scanners, the most reputable AV tools work hard to protect your business, and will make attacks significantly less successful.
Make sure that all local machines are automatically updating to the latest operating systems, software and firmware available, and apply any manufacturer patches for software you may run locally too. This will ensure that you are running the most secure software you can.
It’s also worth considering restricting admin privileges for non-technical staff, and thus limiting their ability to run and install downloaded software on their local machines.
The last step is to backup your data, which will not only allow you to rollback to a non-encrypted version in the event of a ransomware incident. It’s important to remember that newer, more virulent ransomware variants, like CryptoLocker, will also encrypt backup drives that are physically connected to an infected machine, so automated cloud-based backup, or even better a hybrid cloud solution may be worth considering.
A hybrid solution involves local hardware backups combined with cloud storage to give the best of both worlds – a highly-resilient option that can protect against isolated incidents such as hardware failure or even localised events such as flooding, as well as providing anytime/anywhere access.
This picture may seem relatively bleak, but unfortunately there is little chance that the ransomware threat will go away in the next 12 months – a recent study by data breach response insurance company Beazley found that ransomware infections quadrupled in 2016 and will double again in 2017.
Ransomware poses a serious threat to businesses of any scale, but particularly SMEs. On the positive side, the best mitigation steps apply to everyone, and if correctly undertaken will have positive effects far beyond the prevention of ransomware.
However, the potential for this threat to change the way businesses engage with and operate online is considerable, and is only going to continue to impact enterprises of all sizes.
Andrew Stuart is EMEA MD of backup and disaster recovery vendor Datto