Many Kiwi businesses are falling victim to ransomware – a type of cyberattack that restricts access to an infected computer system and demands that the user coughs up a ransom to remove that restriction.
For modern cybercriminals, making money is paramount. If you haven’t put in place the right safeguards ahead of time, your choices are often either pay the money or lose your files.
It’s an escalating epidemic and businesses of all sizes are at risk of losing data and money, enduring significant business disruption and destroying their reputation in the process.
McAfee reported more than 4 million samples of ransomware in the second quarter of 2015, including 1.2 million that were new.
New Zealand isn’t too small or too far away to escape the focus of cybercriminals. Cybercrime cost our economy $257 million in 2015 and affected more than 856,000 New Zealanders. The government has responded by setting up a central agency to help businesses and organisations combat cybercrime, called the Computer Emergency Response Team (CERT).
So what exactly does ransomware do?
It’s like a virus and starts with malicious software, or malware, being unknowingly installed on a PC, which then replicates itself to other systems on a network. The software typically encrypts files or locks computers, then displays a ransom note demanding payment for the software to be removed.
For many small businesses, the costs of an attack and business disruptions can prove fatal. According to one study, 60 percent of all targeted cyberattacks struck small-to-medium enterprises and another found that 60 percent go out of business within six months of a cyberattack.
Just what is at stake? Although the impact of an attack will vary depending on your company's size and the circumstances surrounding the attack, there are four areas most at risk.
- Your business: A cyber breach will disrupt your business and shut down your electronic operations for some period of time, preventing you from serving your customers and leading to a revenue loss.
- Your systems: Infected computers are costly to repair or replace, and fixing and restoring systems can be a stressful, frustrating and time-consuming exercise.
- Your data: The theft can include important company assets, such as customer records and transaction histories, financial information and proprietary product or strategic information. All of these assets have incalculable value and can inflict crippling losses.
- Your reputation: Not only does a cyber breach impact your business operations, it also erodes customer trust, particularly if the theft includes private customer information that they rely on you to keep safe. Brand and reputation damage can linger for a long time, making people hesitant to share personal information, use your ecommerce site or even buy your products and services.
How ransomware attacks occur
The majority of malware comes in via emails. Many attacks are delivered by mass unsolicited spam with malicious attachments or web links. They are usually delivered opportunistically but over the past year we have seen these emails being localised for New Zealand and designed to look more legitimate.
The second most common way is when you browse the web. Your computer could be infected while surfing compromised websites, malicious websites or downloading infected files. When users unknowingly save malware on the network, more systems are infected.
Protecting yourself from attacks
Obviously the best defence is to stop ransomware from ever being installed. Now would be a great time to ensure that your security is up-to-scratch, with an end-to-end approach including these steps.
1. Ensure you’ve got email filtering to block emails with ransomware attachments or links to malicious websites. Choose an email provider that provides spam filtering and anti-malware scanning.
2. You also want to have web filtering on your computer or gateway (if you have a network) to protect users when they are browsing the internet by identifying and blocking malicious websites and scanning downloads for malware when browsing the web.
3. Update managed and monitored firewalls with the latest security patches to protect the border between your network and the internet.
4. Anti-virus software on computers and mobile devices should be considered your last “line of defence” and will attempt to stop malicious software from being opened or installed. Install supported security software for your device or computer operating system and always keep it up-to-date.
5. Educate your people so that they don’t click links or download files from suspicious emails - even if they think they know the person who sent it. Even the websites of reputable companies can be compromised and people should be careful about downloading files and installing software. Ultimately, it’s the way your team interacts with data that determines how secure your business is.
Whatever you do, remember that technology defences can’t guarantee you will be risk-free. So plan and prepare for the worst:
6. Keep a backup of the critical data you need for your business so you can quickly recover much of the data encrypted by the attackers. You need a backup program that does versioning - saving older versions of your files. But even those older versions will be useless if the ransomware succeeds in encrypting all the files on your backup drive. Disconnect the external backup drive when not in use or, better still, use a cloud-based backup provider such as Mozy.
7. Create a response plan and test your restore process so you know what to do if disaster strikes. Think about what other things you might need, like spare computers or on-demand computing for your servers, such as those from Infrastructure-as-a Service (IaaS) providers like Revera. A good business continuity plan is the key to recovery.
Where to start?
The government has produced a helpful toolkit for small and medium enterprises (SMEs), with additional information on how to protect your business online at www.connectsmart.govt.nz.
Spark offers a range of security services to provide you with the right solutions, including:
- SecureMe firewall and VPN (Virtual Private Network) technologiesthat deliver a cost effective, easy to deploy network and internet security solution.
We welcome the chance to discuss your company’s security profile. Simply make an appointment for a call today.