Important security message

By Suzie Cowling|2nd August 2016

Ransomware cryptolocker

Over recent months we have seen an increase in the number and sophistication of cyber fraud and ransomware attacks.

You will need a good system backup in the event of an attack – so please make sure someone within your organisation is responsible for checking backups daily; more on this later in this article.

Ransomware is a distinct type of cyber-attack where the attacker encrypts your data and asks for money to unlock it. Ransomware is spread through e-mail attachments, infected programs, fake software updates, compromised websites and weak passwords. There are hundreds of types of ransomware, such as Locky, CryptoWall, JobCrypter and TeslaCrypt. Although they have different names, they have identical behaviour in that they encrypt files and demand ransom. The only difference is the size of the ransom. These ransomware attacks are often instigated by highly organised and sophisticated gangs who even provide telephone support to help restore your files if the ransom is paid – though we recommend you do NOT pay. Research shows that there is no guarantee that your files will be decrypted even after paying the ransom; by paying you simply support this malicious business.

Most ransomware doesn’t just scramble your C: drive. It also scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time and network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux.

Who is being attacked?

Research shows that the main targets of this cyber-attack are small to medium-sized businesses. The main reasons that these companies can be vulnerable are:

  • Some staff use their personal devices within the business and companies are much more interconnected than before with a mix of online devices that, unless patched, are vulnerable to attack.
  • There is no in-house expertise to build a security system to protect the valuable data that the company holds, such as customer contact information, credit card data, health data, intellectual property and more.
  • Staff do not understand the risk they are taking when they click on links or install unknown software as they have not been provided with adequate training or risk assessment.

How do we protect ourselves against this threat?

  • Even with up-to-date anti-virus, firewall and operating systems you must be very careful before opening email attachments – please make sure you are 100% confident of the source. Be wary when browsing inappropriate or non-work-related websites. Ask before installing unknown software.
  • Insecure passwords continue to pose a security threat, with the two most commonly used being “123456” and “password”, both of which have remained at the top of the annual Worst Passwords List since it started in 2011. One of our partners, ESET, who provide anti-virus and internet security, recommend creating complex passwords you can remember; storing them in your wallet or on your computer is not a good idea. Passwords should be as long as possible (up to 14 characters is suitable) and use a mix of characters: uppercase, lowercase, symbols and numbers. Do not use the same password for multiple internet sites; if one becomes compromised, then accessing all of your internet accounts becomes very simple for any cybercriminal. Try to change your passwords as often as possible and avoid disclosing your passwords to anyone. A useful article that may help you with this is found at http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240
  • Most SMEs use Microsoft Windows, Internet Explorer and Office; ensure these are updated as soon as patches are available.
  • You may also want to consider limiting the number of devices that are used in the business and general Internet access.
  • Of paramount importance is that you have a good backup of your important data, as this needs to be restored in the event of an attack on your system. You must check your backup daily and let us know if it hasn’t completed, shows any errors or you do not receive your usual daily backup report.

Please take a look at http://www.actionfraud.police.uk/small-businesses-know-your-business and https://www.nomoreransom.org/prevention-advice.html for more information and general advice.