By: Michael Shuff, PA & 7Safe marketing lead
What is it?
Ransomware is malicious software. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, examples such as WannaCry exist that have worm-like capabilities, traversing networks without user interaction. Compromised websites and drive-by-downloads are also becoming increasingly common vectors for ransomware.
Why is it a threat?
‘Cryptor’ ransomware encrypts data on the victim’s device and demands money in return for a promise to restore the data. There is also another type known as a ‘blocker’ which prevents the victim from accessing their device.
How common is it?
Every 40 seconds, a company gets hit with ransomware. [Source: Kaspersky Security Bulletin 2016].
Is there a financial impact?
Yes – Ransomware is likely to cause a loss of service and any downtime is bad for business. Public perception could also deal a financial blow if the attack were made public.
Can you defend against it?
Yes. Up to date backups, isolated from the network, effective patching cycles and proactive monitoring that can quickly identify the behaviours associated with a ransomware attack and stop it before it spreads further. Maintaining an incident response playbook will also help in preparing your staff for knowing how what to do when an attack does occur.
What should if it happens to you?
When an attack is detected, isolate the infected devices and networks immediately, leave the power on, and call 7Safe’s cyber experts to arrange for an emergency site visit – see below.
Who can best deal with it?
Experts! For example, 7Safe’s Cyber Security Incident Response (CSIR) expert, Steve Shepherd, and the 7Safe CSIR team.
What 7Safe’s expert says:
“Ransomware is not new but it is becoming more prevalent, better targeted, and worm-enabled versions like WannaCry and Pnyetya are showing us what damaging effects global cyber-attacks can have. In addition to the human costs of widespread service disruption, cancelled hospital operations and growing levels of social anxiety, there is a trend towards serious financial impacts. For example, shipping giant Maersk lost $300M in the NotPetya ransomware attack.
Serious impacts on that scale make the cost of CSIR measures seem puny by comparison, and yet so many organisations only start planning for an attack after they have been the victim of one. It’s a no-brainer: either train your staff or call the experts that you trust to plan for, respond to, and follow up after attacks.
Because the likelihood of a serious impact is rising fast and the cost of not having a well-rehearsed plan greatly outweighs the cost of getting the right advice.”
# # #
It’s not a matter of if, but when. In 2017, 74% of British businesses said that cyber security is a high priority for their senior management, with 49% of those having experienced an attack or breach within that year. Despite this, only 11% have a formal cyber security incident management process or response capability in place.
We provide Cyber Security Incident Response (CSIR) services to organisations who would like to prepare for or are suffering from a cyber-attack or breach. We offer four-tiers of retained service to deliver peace of mind, and in the event that an incident is currently taking place we can be deployed on-demand. Our Cyber Threat Hunting (TH) services are integrated with our retained CSIR service tiers.