Last week’s ransomware attack that forced the NHS to cancel operations and affected organisations as diverse as FedEx, Renault and the Russian interior ministry may have been unprecedented in scale, but it was by no means rare.
Security firm Symantec says ransomware strikes increased by more than a third to over 483,800 incidents in 2016. And the 2016 British Crime Survey highlights that cybercrime now accounts for more than half of all crimes reported in the UK.
As John Unsworth, chief executive of the London Digital Security Centre, remarks: “Cyber-crime is a low-risk, high-reward venture for the criminal. Frankly, what rational, self-respecting 21st-century criminal would not to seek to prosper from the growth of the internet?”
Unfortunately, some businesses make it easy for hackers.
“The syndrome known as ‘it won’t happen to me’ is alive and kicking when it comes to the discussion of cyber-crime and how to prevent it,” Unsworth says. “Successful attacks, whether a phishing email, a DDOS [distributed denial-of-service] attack, an invoice fraud or a website defacement, usually have one thing in common: an inadvertent – or fully conscious – decision made by a human to either click on a link in an email, to not update to the latest software, or to provide remote access to a system containing data.”
Often triggered via a link in an email, ransomware either encrypts the files on a computer or network or locks a user’s screen, then demands the user pay a ransom to be able to use the computer again. However, there is no guarantee that the computer will be unlocked if the ransom is paid, and the police advise victims not to pay.
Stewart Watkins, the BPIF’s IT adviser, says the organisations most at risk from this type of attack are those still running unsupported operating systems and software, such as Windows XP, Windows 8, Windows Vista, Server 2003, and old versions of Adobe Acrobat and Flash.
He says any printers that are still using Windows Small Business Server 2008 should be aware that Microsoft stopped supporting the email server component of that, Exchange 2007, in April this year.
“A lot of people get stuck on that one because the actual server operating system is still supported but the email component of it is not. That’s particularly risky because the email server is the most internet-facing component of the whole network.”
Experts had warned that the NHS was exposing itself to risk by continuing to use the Windows XP operating system which Microsoft has not supported since April 2014. It was this vulnerability that allowed the malicious software, dubbed wanaCryptor 2.0 or WannaCry, to take root and spread throughout the network.
So, how can your company protect itself?
Unsworth says the actions that should be taken to guard against ransomware attacks will also help to protect your systems against other types of cyber-crime. Some of these steps are obvious and easy; others take a bit more effort and investment. But as Unsworth points out: “Your level of preparation will determine whether a ransomware infection causes you minor irritation or wide-scale disruption.” See boxout for advice.
Of course, risk can never be entirely eliminated, and every industry has fallen victim to hackers. What should you do if the worst does happen, and you find yourself staring at a ransom demand?
The first thing to do is to turn off your infected computer and disconnect it from the network. Then, report it to Action Fraud. The process after that will depend very much on how much you prepared before the attack – whether you can recover your data from elsewhere, and whether you can rebuild your server without needing new hardware.
One BPIF member suffered a ransomware attack in January, and described the whole experience as “extremely traumatic”. The virus locked all back-ups, completely wiping five years’ worth of data. The company even paid a ransom of £1,600, but the hackers simply demanded more.
By a stroke of luck, after a few days the company discovered that its MIS provider had taken a complete back-up of its system the previous month to solve a problem, and had not yet deleted it. This enabled the printer to recover almost all its data. But the ordeal still cost the company tens of thousands of pounds, not to mention many sleepless nights for management and staff.
Since the attack, the firm has completely overhauled its IT systems, reformatted all PCs and Macs and installed more software. It has installed two separate Wi-Fi networks, one for internal use and one for external use by customers, and phones cannot connect to the internal Wi-Fi. Every computer has a 12-character password, which is changed every month. Data is backed up every hour to both internal and cloud-based servers, and maintenance checks are run nightly.
The company’s managing director had a word of warning to other printers: “It’s a terrifying thought that our company, which had taken us 13 years to build up, could be brought to its knees in a matter of days from one cyber virus. If you think you are safe, you are not.”
Actions to help you prevent a cyber-attack
Ensure your software is up to date
Install system and application updates on all devices as soon as they become available
Maintain regular patch management throughout your network
Install firewalls and anti-virus software on all devices and keep them updated
Use strong and separate passwords and change them regularly
Train all your staff to behave securely online
Only give staff access to the parts of the server they need
Regularly back up data, to a device that isn’t left connected to your network such as an external hard drive or memory stick, or to a cloud-based server. Tech firm Rock IT promotes the ‘3-2-1 rule’: three copies of data, over two locations and at least one off-site
Use cloud-based email filtering – this can block many of the emails that carry variants of malware
Install software on your server that alerts you immediately if any attempt is made to change access permissions
Install a separate Wi-Fi network for visitors’ use
Take out cyber-insurance
Work with your IT company to devise a disaster recovery plan
Unsworth and Watkins also recommend obtaining Cyber Essentials accreditation. Cyber Essentials is a government-backed scheme that sets out a baseline of cyber-security measures suitable for all organisations in all sectors. Organisations that implement the five controls set out in the scheme can prevent around 80% of cyber-attacks.