Last year, security firm Malwarebytes revealed that 54 per cent of UK businesses had experienced a ransomware attack.
What’s clear from their wider report is that this type of attack is increasing in frequency and is deployed indiscriminately; it has affected companies and institutions as varied as the BBC, NHS hospitals, the Houses of Parliament, a large number of UK universities and countless more that never make the headlines. The Financial Conduct Authority has even stepped up its scrutiny of the cyber security practices of financial institutions of all sizes after seeing a significant rise in ransomware and other forms of cyber-attack.
Ransomware, as the name suggests, is a type of malicious software that encrypts or blocks access to system data and then demands a ransom be paid to release it. Typically, an attacker will spray thousands of systems at once, looking for vulnerabilities that would allow the software in. Although the sums demanded have historically been modest, or at least small enough for a business to swallow, they are steadily increasing. In addition, a business might run into even more financial trouble if system data is destroyed entirely, leading to significant business interruption.
As the Malwarebytes report shows, these types of attacks are surprisingly common. And what we’re seeing as an insurer confirms it; in 2016, nearly a fifth of claims under our cyber insurance policy were for ransomware attacks. The attacks themselves are also relatively unsophisticated. Anyone who is looking hard enough can find pre-made ransomware ‘kits’ that come with instructions on how to deploy the software.
Attacks are, however, becoming increasingly sophisticated, with a recent rise in so-called targeted extortion attacks. Rather than blanketing multiple systems with malware, attackers are doing their research and targeting single systems that they deem to be vulnerable. In this type of attack, the compromised data might be more valuable to the business and, knowing that, hackers demand much more for its safe release. This can create significant collateral damage and put an entire business in financial jeopardy.
There are a few things that a business can do to guard itself against this type of attack. Obviously, good cyber security practices are top of the list: up-to-date anti-virus software, strong firewalls and employee training are all important in helping stop or reduce the impact of ransomware attacks. For example, it is believed that more than half of ransomware attacks on businesses start because employees are doing personal tasks on corporate devices, creating holes in security. It’s also vitally important that systems are backed up regularly and that these backups are kept on a separate, secure server. This will usually allow quick recovery of data, minimising the effect of the breach.
Cyber insurance policies are also now widely available and affordable. They are a valuable post-breach solution should the above security measures fail: most standard policies cover the payment of the ransom itself should this be determined as the best course of action. A strong policy will also give you access to specialist providers, who can give you professional advice, quickly determine the extent of the attack and help you manage an incident from beginning to end.
Symantec predicted that we would see a 35 per cent rise in ransomware attacks in 2017. It’s a very real risk for all types of business, so ensure you are prepared.