Ransomware was first reported in 1989: the initial attack was distributed on floppy disc and demanded that $189 be sent to a PO box to restore access to the victim's system.
As with everything in the digital world we live in, it has gone through many evolutions and reinventions over the last several decades.
Ransomware is a form of malware: a file or piece of code that infects an infrastructure to perform whatever action the attacker wants.
The primary function of ransomware is to lock your infrastructure, preventing access to your systems and data.
The emerging trend is to infect the system and hide: collect as much information as possible, find and delete your backups, and time the attack to yield the biggest return on the attacker's investment.
Deleting your backups is one of their top priorities; without backups you cannot recover without paying the ransom.
Historically, cybercriminals were focussed on encrypting your data and charging a ransom to unlock it. If the ransom was not paid, the data would be permanently deleted or the ransom would be increased. Faced with a ransom demand you had two choices: recover from your backup or pay the ransom.
In 2019 there was a significant increase in the number of attacks, and this saw insurers mandate offsite backup of data to reduce the reliance on paying the cybercriminals. From 2020 onwards, the cybercriminals made two more changes to their attack strategy.
Firstly, the introduction of double extortion: not only encrypting but also stealing the data. Why the change? If a company refuses to pay the ransom, it can still be extorted to prevent the data being released into the wider world or to other criminals. Secondly, the introduction of ransomware as a service (RaaS), making ransomware attacks available to criminals with zero cyber knowledge, who procure the services of experts to execute the attack for a fee.
It is clear that cybercriminals are relentless in their efforts to hit their targets successfully, and are investing in new and smarter methods every day. Unfortunately, this leaves technology and security system vendors on the back foot. Pressure is also on businesses and organisations to ensure they are taking the appropriate steps to protect their systems, information and assets.
So, with all of these recent changes, what is the real risk and impact of ransomware today? Hiscox (a business insurer) recently released its Cyber Readiness Report for 2022, which helps to put the risk in perspective. Scope: 5,000 businesses across 8 countries and a range of sizes and sectors.
- 41% of companies who paid the ransom did not get their data back.
- If you pay, it can still take up to 2 weeks to decrypt the data.
- Ransomware can damage systems at the time of the attack, meaning data is lost or unrecoverable.
- 43% of those who paid the ransom reported they still had to rebuild their entire systems.
- Paying the ransom does not guarantee that you will get your data back.
- There have been many reports of a repeat attack after the first ransom was paid.
- Paying the ransom does not protect your data; the cybercriminal could already have stolen and sold it on without your knowledge.
- Even if you have cyber insurance, there is no guarantee your insurer will pay out a claim for the ransom payment you have made.
- The ICO and the NCSC have taken a joint stance that paying the ransom neither protects you from prosecution nor earns you any reduction in enforcement.
- While paying the ransom is not itself illegal, sanctions may be in place that make the payment illegal, e.g. the current sanctions against Russia as a consequence of the invasion of Ukraine.
Your best allies in the battle against ransomware attackers, and in fact most cybercrime, are Prevention and Preparation.
Prevention
The best forms of prevention are certifications that provide assurances to you and your clients that you have taken steps to reduce risk, demonstrate compliance & protect data and information.
The most well-known is the Cyber Essentials Certification, focussed on assessing your technical controls to ensure you have them in place to protect you from the vast majority of common cyberattacks.
Cyber Essentials Plus is a higher-level certification that gives the added reassurance of an independent assessment.
Newer to the world of cybersecurity is the IASME Cyber Assurance Certification, developed through government funding to create a cybersecurity standard. This standard allows small companies to demonstrate their cybersecurity as an alternative to the international standard, ISO27001.
The IASME Cyber Assurance Level 2 gives the added reassurance of an independent assessment.
Value
You are demonstrating to your key stakeholders and the outside world that information security is at the core of your business. No matter how big or small the business, certification can bring additional value through:
- Competitive advantage over your peers
- Access to new public and private sector customers, who often require certification as a mandatory expectation
- Increased external reputation and status
- Assurance that you are compliant with legislation, regulation and best practice for securing your data and information
- A significantly reduced threat from external and internal attack
Preparation
- Risk Management
- Business Continuity
- Disaster Recovery
Risk Management is the process that enables you to understand risk and act against it, minimising threats and maximising opportunities.
Business Continuity Planning (BCP) is about having a plan to deal with difficult situations, so your organisation can continue to function with as little disruption as possible. This plan needs to account for people, locations and processes based on criticality. The process is designed to identify your critical employees, critical time periods and your dependency on your offices.
Disaster Recovery (DR) is a plan designed to recover IT and infrastructure after a disaster. A DR plan comprises identifying critical IT systems and networks, defining their RTO, and documenting the activities required to resume, rebuild and recover them. DR is part of the overall BCP.
Recovery Point Objective (RPO) is the tolerable amount of data the organisation is prepared to lose.
Recovery Time Objective (RTO) is the amount of time needed to recover the critical systems and applications.
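A worked check of RPO and RTO against a real backup history, added here as an example (not part of the original guide). It models the point made above that attackers hide and delete reachable backups: only a successful copy held off the network counts when working out how much data you would actually lose, and a failed or onsite-only job silently widens the gap. All system names, timings and the backup runs are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupRun:
    finished: datetime
    succeeded: bool
    offline_copy: bool  # copy also held off site and off the network


def data_loss_at(incident, runs, require_offline=True):
    """Data lost if ransomware fires at `incident`: the time since the last
    successful backup that completed before it. With require_offline only
    copies held off the network count, because an attacker who has been
    hiding inside the network is assumed to have deleted everything else.
    Returns None when no usable copy exists at all."""
    usable = [r.finished for r in runs
              if r.succeeded and r.finished <= incident
              and (r.offline_copy or not require_offline)]
    return incident - max(usable) if usable else None


def assess(incident, runs, rpo, rto, restore_estimate):
    """Return the list of DR-plan findings for one system (empty = OK)."""
    findings = []
    loss = data_loss_at(incident, runs)
    if loss is None:
        findings.append("no offline backup exists: recovery without paying is impossible")
    elif loss > rpo:
        findings.append(f"RPO breach: {loss} of data lost, {rpo} tolerated")
    if restore_estimate > rto:
        findings.append(f"RTO breach: restore takes {restore_estimate}, {rto} allowed")
    return findings


# Constructed sample: nightly 02:00 jobs; the 3 May job failed and the 4 May
# copy was written to a network share only (reachable by the attacker).
RUNS = [
    BackupRun(datetime(2022, 5, 1, 2), True, True),
    BackupRun(datetime(2022, 5, 2, 2), True, True),
    BackupRun(datetime(2022, 5, 3, 2), False, True),
    BackupRun(datetime(2022, 5, 4, 2), True, False),
    BackupRun(datetime(2022, 5, 5, 2), True, True),
]
INCIDENT = datetime(2022, 5, 5, 1)  # encryption triggered just before the next job
RPO, RTO, RESTORE_ESTIMATE = timedelta(hours=24), timedelta(hours=8), timedelta(hours=12)

if __name__ == "__main__":
    for finding in assess(INCIDENT, RUNS, RPO, RTO, RESTORE_ESTIMATE):
        print(finding)
```

The scheduled 24-hour RPO looks satisfied when every backup is counted, but only 71 hours of data would survive once the onsite-only and failed jobs are excluded.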
- Ransomware is a significant risk to all companies, regardless of size.
- Prevention & Preparation are your best allies
- Paying the ransom doesn’t give you any guarantee of getting your data back.
- Backups must be held off site and off your network, so that cybercriminals cannot delete or corrupt them and prevent your recovery.
- Accreditations and certifications are affordable, attainable and available to all.
- Cyber risk includes:
  - Loss of reputation
  - Loss of ability to operate
  - Financial penalties
  - Failure to win new and retain existing clients
We hope you have found this guide useful. It is part of a series which can be found here on our website.
Our team can be reached on 03300 0241666 or contact@net-defence.co.uk should you have questions or want to better understand what your business needs.