Ransomware threat soars
Britain’s now a top target for ransomware attacks so all organisations need to be much more vigilant.
The UK has suffered a 195 per cent increase in such attacks this year, compared to a 59 per cent decrease in 2018. Meanwhile, total global malware detections actually fell in 2019 after a record-breaking 2018.
According to a new report from cyber security provider SonicWall there were 6.4 million attacks in the UK during the first six months of 2019.
Ransomware disables technology and demands ransom money before devices are unblocked. There are two types. The first type encrypts the files on a computer or network. The second locks a user’s screen. The ransom is often demanded in a cryptocurrency – such as Bitcoin.
Your devices can be infected via a number of routes. You could be tricked into running programs that look legitimate. These may arrive via a phishing attack when you receive email attachments or links to websites which look genuine. Some ransomware exploits unpatched vulnerabilities in software while simply visiting a malicious website can also be enough to expose your business.
One notorious attack was WannaCry which hit many UK organisations, including the NHS. More recently, Eurofins Scientific was hit. It provides forensic services to law enforcement agencies and the attack crippled police forensic services for a sustained period, delaying court hearings and investigations. Eurofins was reported to have paid a ransom to unlock its files.
Outside the UK, aluminium producer Norsk Hydro was also hit earlier this year, forcing it to halt production at the cost of millions of dollars in lost earnings.
The threat has been exacerbated by victims paying up and thereby encouraging more criminals to use ransomware. The availability of open source malware kits has also made it easier for less experienced criminals to launch attacks.
The UK’s National Cyber Security Centre has published advice on how to protect your company which includes: improved defence against phishing attacks; better software vulnerability management and patching; controlling code execution; filtering web- browsing traffic; and controlling access to removable media.
Gary Jowett from Computer & Network Consultants in Brighton said: “Cyber criminals clearly see the UK as a lucrative source of income but paying the ransom only encourages more attacks. Your cyber defences need to be solid before such a disaster happens and employees need to be constantly reminded about the threats that may come from emails, social media, the internet of things and many other digital interactions.”