In a joint review of cybercrime trends led by the UK, USA, and Australia, it was found that the number of sophisticated ransomware attacks originating from Russia, or being carried out by Russian speakers, has been on the rise over the last year.
Last October, the UK’s cyber agency GCHQ also stated that UK ransomware incidents had doubled.
This threat is now being highlighted in Government after Chief of the Defence Staff Admiral Sir Tony Radakin told the Cabinet earlier this month that the UK needs to be ready for a wave of Russian based cyber-attacks over its defence of Ukraine.
Ransomware is a type of malware that employs encryption software on the user’s device in order to hold their information at ransom. The information or data is encrypted so that the user can’t access or read their own files or databases. The criminals then demand a ransom (payment) in order to release the information back to the user.
Recently KP Snacks (makers of McCoy’s crisps and Hula Hoops) suffered a ransomware attack resulting in a supply disruption which is expected to last until the end of March at the earliest.
In light of this growing threat, Holly Andrews, MD at KIS Finance and personal finance and fraud expert has provided her tips for businesses on how to protect themselves from ransomware attacks. She says:
“Most ransomware attacks happen via unsafe websites, text message links, or email attachments that are sent to an employee of the company or organisation. This means that every company and organisation that uses email services is a potential target.
“Once the attachment or link has been clicked on, it activates the malware which then infiltrates the user’s device and encrypts the any data or information held. These criminals are smart and their attacks are usually targeted to a specific person that has access to important files and databases.”
1. Educate your employees
Your employees should be your first line of defence against ransomware attacks so it’s vital that everyone on your team is educated on how to identify cyber threats. Your employees should know never to open email attachments from an unknown source or to download files or software from anywhere that isn’t a known and trusted source.
It’s also important to keep your employees updated on all the latest threats and any new tactics that these criminals are using so they know what to keep an eye out for.
2. Keep anti-virus software up to date
Just having anti-virus software in place isn’t enough; it needs to be regularly updated in order to be effective.
Make sure to consider outsourcing your IT support needs to help ensure that every device in your company or organisation is regularly updated with the latest anti-virus and anti-malware software. Having software that updates automatically and runs regular checks will give you the greatest level of protection against any potential threats.
3. Limit access
In order to limit the risk of ransomware threats, it’s important that you limit access of important files to those who really need it. Giving employees access to databases and files that they don’t need only widens the risk as criminals have more targets for their attack.
4. Backups are essential
It’s absolutely essential to have backups of important files and documents. This is especially the case if your business can’t operate without them as backups will allow you to still have access to your data in the event of a ransomware attack, lessening the impact on your business.
Backups should be stored either offline, or in a system that is entirely separate from your business’ operating systems.
5. Have a response plan
Although taking these safety measures will mitigate the risk of an attack, nothing is 100% bulletproof and there’s still a chance that a ransomware attack can happen. In which case, setting out a response plan ahead of time will ensure that you can respond quickly to a threat.
Make sure that all of your employees know who should be alerted in the case of an attack and what steps they need to take after a breach.