In 2021, ransomware attacks rose by an estimated 105% across the world, and attacks specifically targeting British institutions doubled on the previous year. Director of GCHQ Jeremy Fleming told the Cipher Brief conference, “I think that the reason [ransomware] is proliferating – we’ve seen twice as many attacks this year as last year in the UK – is because it works. It just pays.”
But what exactly is ransomware, and why is it such a threat to businesses?
What is ransomware?
Ransomware is malicious software that encrypts a user or organisation’s data, rendering them unable to access files, applications or systems until a ransom is paid. The two most common ways for ransomware to infect a device or system are ‘phishing’ emails and URLs embedded either in emails or websites.
Ransomware is designed to spread quickly, infecting all devices connected to a network and making crucial data and systems completely unusable. If data is not backed up, or the backups themselves are infected, the victim of the ransomware attack will often have to bear the cost of the ransom in order to recover their files – or face simply losing the data, which can have catastrophic consequences for their reputation and their business overall.
The move to remote and homeworking during the pandemic is thought to have been a key cause of the recent rise in ransomware attacks. Away from the office, staff are not protected by their company networks, which tend to only let trusted devices connect to them and have better security than home Wi-Fi set-ups. In households where the whole family uses the internet and shares devices, children may be downloading games and accidentally adding viruses to the home network. Remote workers and the data they handle are therefore more vulnerable to cybersecurity threats.
Ransomware attacks on businesses
Organisations faced threats from ransomware attacks long before the pandemic, however. One of the first high-profile ransomware incidents hit the NHS in 2017, affecting more than 80 hospital trusts and 8% of GP practices. It’s estimated that the attack cost a total of £92m, with £20m being lost during the attack itself, and the repair and restoration of systems and data costing a further £72m.
In October 2020, prominent entertainment law firm Grubman Shire Meiselas & Sacks (GSMS) also fell victim to a ransomware attack. Data belonging to Lady Gaga, Bruce Springsteen, Madonna and Elton John was lost, and when the Russian hacking group responsible for the attack discovered files relating to Donald Trump, they doubled the initial ransom from $21 million to $42 million. On the advice of the FBI, GSMS refused to pay the ransom and was able to recover some of the lost data – but some of that data remains at large and available for purchase online.
As recently as May this year, Indian airline SpiceJet faced a ransomware attack that delayed flights and left passengers stranded at airports for hours, and also left customers unable to book tickets via the airline’s website.
The disruption to day-to-day operations caused by data loss is only one part of the story, however. If an organisation falls victim to a ransomware attack, there is the reputational harm to consider, as well as the possibility of being fined by regulatory bodies. In March 2022, Tuckers Solicitors were fined £98,000 for failing to secure sensitive data that became the subject of a ransomware attack in 2020. The Information Commissioner’s Office (ICO) found that the attack resulted in the encryption of 100,000 files – of which 24,712 related to court bundles. These bundles included medical files, witness statements, and the names and addresses of witnesses and victims. The ICO ruled that Tuckers had “failed to process personal data in a manner that ensured appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Ransomware attacks can have devastating consequences for businesses, including financial losses and reputational damage – and it’s not just large organisations who are being targeted. The 2022 Cyber Security Breaches Survey found that 48% of small firms had identified a cyber attack in the last 12 months, and attacks involving ransomware were among the most damaging types of incidents. It is therefore crucial to have procedures and systems in place to ensure you are fully protected.
How to protect your business from ransomware attacks
There’s a wealth of measures you can take to both reduce the risk of your organisation being hit by a ransomware attack and limit the damage in the event of one occurring.
Ensure your data is backed up regularly and stored remotely.
The best way to do this is to use a third-party cloud backup provider who will store your backed-up data on remote servers, encrypt it with the strongest encryption available, and ensure that the backups themselves cannot be infected.
Provide regular IT and cybersecurity training for all staff.
Training is vital when it comes to guarding against ransomware attacks – make sure your staff are educated on how to spot phishing and scam emails, and provide regular refresher training too.
Use a VPN (Virtual Private Network).
This provides additional protection for those working from home or remotely, as the VPN encrypts the data you send and receive between your device and the VPN server.
Enable two-factor authentication (2FA) on all devices connected to your firm’s networks.
Passwords can be guessed and stolen, and as users have multiple online accounts requiring various credentials, they tend to use the same passwords for more than one account. Two-factor authentication adds a verification step that requires something unique, such as a fingerprint or a one-time code.
Make sure you have a comprehensive Business Continuity/Disaster Recovery Plan in place.
Know exactly which systems, applications, and data you would need to access first in the event of a cybersecurity incident. Ensure the plan is printed and stored safely or saved on a cloud system away from the network so that you can access it even if your usual networks are affected by a ransomware attack.