At Firstline IT we have seen an increasing number of ransomware attacks on our clients over the years. Each attack was devastating to the individual company involved at the time, although in all but one case we were able to recover all the data without paying the ransom.

Ransomware has been around for a while, but cyber criminals are getting cleverer. Some are attacking backups in addition to the main systems, and some are hacking networks and online backups to put ransomware in place, rather than relying on people unthinkingly clicking on email attachments or website links.

The ransom demands have also escalated. Typically hackers are now demanding around £10k to £15k for the return of your data. And, of course, if you are going to pay it will be in bitcoins over the dark net.

As we know, the UK government estimate costs of cyber attacks to small businesses can reach up to £115k,000 in today’s market. This can bankrupt a business and the cost of ransomware is much more than a few thousands. It’s potentially the end of your business if you cannot afford the cash or to continue to operate thereafter paying the ransomware.

And even when you do, will you actually get your data back from the cyber criminals? Who knows?

What is a ransomware attack?

Ransomware is a piece of code that gets into your network and encrypts your data so that you cannot read or use it. The ransomware infiltrates your systems software, either blocking you out of your data or making it clear that the computer has been compromised so that you know you will have to reach out to a cyber security company or professional for help.

One way to return it to normal state is to pay for a de-encrypting code; the criminals behind the attack usually leave a message letting you know how to contact them. You may also be able to recover your data from backups if these have not been attacked as well.

How does the ransomware get into my network?

Many ransomware attacks result from email campaigns or website links in which the malware is distributed as an attachment or as a clickable link. Each year these types of cyber attacks get more sophisticated. Email campaigns use more realistic origin domains, with better subject lines along with copying brand style or local government style email templates to imitate familiar looking emails that are far more likely to entice an interaction from the recipient.

The danger here is that since working from home became a reality, we have seen an 18% increase in email cyber crime since 2020.

Website ransomware is becoming more sophisticated, too. Interstitials overlaid on websites are looking more like adverts and often have ‘ad’ written on them to encourage the user to click the cross on the overlay. This often forces the software download onto your hardware.

Furthermore, cyber-criminals are now progressing to inserting ransomware through direct hacks, through weak passwords, into business networks. This is encouraging businesses and individuals to both improve their password from cyber crime and optimise their IT network to ensure data safety.

Am I OK if I’ve got a data back-up?

Not necessarily. If your back-up is on a device permanently connected to your network and cyber criminals hack directly into your network the hackers are likely to look for the data backup too and corrupt it. Additionally, once into a machine or server on your network hackers can access your cloud storage such as Dropbox, which makes covering all basis when backing up your data an absolute necessity.

A few years ago it was good practice to run your network from a local server and regularly back up to a network storage device. This still works as long as you unplug the storage device, but if it remains connected to the network you are vulnerable. If they corrupt your cloud storage there is usually a recovery route but this can be slow and the disruption and stress is still best avoided.

Who is most vulnerable to ransomware attacks?

IT networks that still use a local server or storage device to share data are most at risk. If you use Office 365 or Dropbox, the vulnerable parts of the network are individual machines and through these they can reach your cloud storage. If you do have data on a laptop or workstation, also make sure it is not the only copy in the business.

If you are still using Small Business Server with both data and email you are very vulnerable indeed as both systems could be lost in a ransomware attack. If you have a hosted email solution, for example, at least your email cannot be encrypted.

If you’re reading this and panicking, fear not, there is still time to safeguard your IT infrastructure from forms of cyber crime. A simple cyber security audit will help to identify holes in your IT security systems and a path to bolstering your cyber security systems.

How can I best configure my system to guard against attacks?

The single most effective way to protect your data is to store your backups so that they are not visible on your network. Either backup online to a remote hosting system or use two backup devices and swap them over every day. In addition, we would recommend that you keep your emails and accounts data on separate systems: if you do that, there is a good chance you would only lose data – which would be painful but not disastrous.

What else can I do to protect my system?

  1. Install Intercept-X, a network device from Sophos. If the server doing the backup is safe then the backups themselves will be safe.
  2. Maintain good housekeeping around email accounts, network logons and remote workstation accounts. Make sure you delete redundant mailboxes and accounts. Often businesses have generic accounts such as admin or test with weak passwords (so that everyone can remember them). In addition, hackers will often guess at simple user name logons – it’s a good bet than any organisation has a Dave or a Kate.
  3. Always use strong passwords on all network or email logons. Strong passwords contain upper and lower case characters, numbers and special characters where you have to use the shift key. To remember your passwords use any of the secure notes apps that are available on smartphones.
  4. Ensure everyone follows basic internet security protocols: never open an attachment if you are not certain where the email has come from (spelling mistakes are often a good clue to fake emails); and be careful about dodgy websites and advertising links.
  5. If you see a ransomware attack in progress, disconnect from the network and shut down the computer– you may be able to limit the damage.

Ultimately it’s about strong passwords

You may be getting bored with this but the importance of unique, un-guessable passwords cannot be overstated. If you think you won’t remember a long stream of characters, it’s not wrong to write them down somewhere safe– just don’t leave them on a sticky note on the computer screen.

Where can I get further help?

Firstline IT cybersecurity team will carry out a ransomware vulnerability audit. Please contact us for an informal chat about your risk levels and possible courses of action.