Ransomware: A growing threat for UK Businesses

RANSOMWARE ATTACKS ARE ON THE RISE: HERE IS WHAT YOU NEED TO KNOW

Many high-profile ransomware attacks have made the news over the last few years, most recently the Royal Mail cyber attack which has prevented the company from processing parcels and letters to ship internationally.

Targeted attacks on businesses and large organisations are often linked to hacking groups such as LockBit, who are believed to be behind the Royal Mail cyber-attack and other high-profile cases across the globe.

Statistics indicate that cyber attacks of all types are on the rise, with businesses and organisations of all sizes reporting an increase in cyber incidents year on year. It is therefore more important than ever that businesses understand the constantly evolving threat posed by cyber criminals and the increasingly sophisticated tactics they employ to gain access to systems and sensitive data.

What is Ransomware?

Ransomware is a type of malware (malicious software) designed to block access to a computer system until a sum of money is paid. Ransomware encrypts a user’s or businesses critical data so they are unable to access important files or applications. Once ransomware encrypts critical data and applications it is often impossible to decrypt files without the key provided by the attacker after the ransom is paid, which is usually demanded in bitcoin or other cryptocurrencies.

How is Ransomware spread?

Ransomware is often spread through social engineering, phishing emails with malicious attachments, or through infected websites which download malware to a user’s computer without their knowledge. Attackers can also exploit weaknesses in web servers to gain access to an organisation’s network.

How can I protect my business from a ransomware attack?

Once a system has been infected with malware, it is often impossible to decrypt without paying the ransom to the attacker. The sums demanded can range from thousands for small businesses, to hundreds of millions for large organisations, and there is no guarantee that paying the ransom will result in successful decryption of systems and data.

The best-case scenario for any business is to avoid falling prey to ransomware attacks. Cybersecurity training and education for employees at all levels is essential to reduce the risk of a malware attack spreading through human error, and businesses should invest in robust cybersecurity measures to make it more difficult for hackers to access important systems and data.

However even with comprehensive employee training and cybersecurity measures ransomware attacks (and other cyber attacks) can occur, therefore it is crucial businesses also have other measures in place to lessen the impact of a ransomware attack.

Back-up important data

Aside from encrypting critical systems, one of the main threats posed by ransomware attackers is the permanent deletion of important data. Ransomware can affect network system back-ups, so secure offline or out-of-band backups should also be performed regularly.

Develop an Incident Response Plan

It is highly recommended that businesses have an incident response plan to lessen the disruption caused by a cyber attack. An incident response plan will identify potential cyber security risks that can be mitigated and provide a clear guidance on the actions that should be taken following an incident, including defined roles and communications to be shared if an attack occurs.

An incident response plan can form part of a wider cyber security business continuity plan which is recommended to help minimise business disruption during a cyber emergency. You can read more about cyber security business continuity planning here.

Invest in Cyber and Crime insurance

Even with robust cybersecurity and the best business continuity plans in place, a cyber breach or attack may still result in a business being liable to pay out-of-pocket for data and system recovery, notification costs and reputational damage. There may also be legal liabilities and regulatory fines if an attack results in the breach of third party personally identifiable or sensitive information.

Investing in both cyber liability and cyber crime insurance cover will help your business offset the costs of recovery after a ransomware attack or other cyber-related security breach.

A comprehensive cyber insurance policy will provide financial compensation for the direct costs incurred, and any liabilities payable to third parties following a cyberattack, a data breach or loss of data. A cyber crime policy will cover financial losses to the business following an attack, such as fees for the support of expert negotiators and payment of ransom demands.

Many insurers’ policies offer Cyber Breach Response Support, which can be an invaluable resource when dealing with cyber-attacks. These services can include crisis containment, PR and reputation management and independent legal advice. Many policies also offer the services of forensic investigation consultants to identify the point of entry and extent of potential system damages, recover data wherever possible and negotiate with cyber criminals for the recovery of data and assets. These specialists can also advise on how to improve vulnerabilities in your current cyber security framework, reducing the risk of further cyber-attacks.

Find out more about cyber insurance here