Robin Varley, our Senior Data Security Manager, explains why the ransomware threat is growing and outlines the steps you can take to protect your business.
It’s the call every business manager dreads. Your company has suffered a ransomware attack and your data will remain stolen or encrypted unless you pay an eye-watering fee to the hackers. As the initial panic subsides, you need to consider how to react.
This very scenario played out for the US liquid fuel pipeline giant Colonial Pipeline in May 2021 and the world’s largest meat supplier JBS in June 2021. Both companies took the decision to pay the ransom, which amounted to the equivalent of over £3 million ($4.4m) for Colonial Pipeline and £8.1 million ($11m) for JBS.
But would you pay? Should you? It’s a very important question to which there is no easy answer. But it is not one to be ignored because, no matter what an organisation’s size or sector, the threat is very real.
The Covid pandemic brought about a perfect storm for malicious cyberattacks, with the rapid increase in remote working creating system vulnerabilities for many who had not had time to introduce or enhance security measures for their disparate workforces. Even now, many are still playing catch-up.
Businesses of all sizes are targeted but especially those with minimal tolerance for downtime. Globally, the ransomware attack volume for just the first half of 2021 increased by 151 per cent.
Each organisation must make its own decision about whether or not to pay ransomware demands, and it is certainly not an easy call. Even the FBI (America’s Federal Bureau of Investigation) has softened its stance, saying companies must consider all options.
The CEO of JBS said they made the payment “to prevent any potential risk for our customers”. As for Colonial Pipeline, its CEO said: "It was the right thing to do for the country." But he also conceded it was a "highly controversial decision".
It’s a difficult choice, because not paying can lead to being completely locked out of your own website and systems. This happened to the currency exchange business Travelex, which was locked out of its website for a month, with disastrous consequences. Yet paying up provides no guarantees either.
It will come as no great surprise that cyber criminals can rarely be trusted. A 2021 survey found that, of the 57% of ransomware victims who paid, 28% failed to recover their data.
There is also evidence that once a payment is made, it may lead to requests for additional payments from the original perpetrator. Paying ransomware demands may also attract the attention of other hackers. A Veritas survey found that once companies had been involved in a ransomware incident, they went on to suffer an average of 4.46 additional attacks.
In addition, punitive regulatory and legislative fines can be imposed for any data loss resulting from ransomware attacks. Also, those that do pay to retrieve their data can suffer reputational damage. Research has revealed that only 23% of customers think a business should ever negotiate with criminals.
Once a ransomware attack has been successfully launched against you, both options have the potential to damage – or even ruin – your business.
1. Confront the issue
Don’t wait until you receive a heart-sinking call declaring you’re the victim of ransomware. Take the time to have the uncomfortable conversations about how you would respond in the event of this type of breach. Then do everything possible to take proactive measures to reduce the risk.
You should also use different ransomware scenarios when you test your Business Continuity and Disaster Recovery Plans. Although we can all hope that resilient cyber defences will act as a deterrent, the ransomware attacks on global giants indicate that a broad-brush approach isn’t enough. It is advisable to have, among these plans, a strategy that is specific to ransomware attacks.
2. Don’t rely on insurance
Cyber insurance is becoming more expensive and harder to obtain. That is largely due to the high claim volume coupled with the high level of risk. Some insurers, like AXA, now refuse to write cyber insurance policies in France that pay out for ransomware. This trend may continue across other insurers and countries. Underwriting is certainly becoming more stringent for this type of policy, and if cyber security is below par, claims can be declined.
3. Establish secure remote working protocols
The Colonial Pipeline ransomware attack has now been attributed to the breach of a virtual private network, commonly used by remote employees to connect to a company system. It is prudent to conduct a thorough review of all remote working protocols and seek professional advice if you are in any doubt as to the security of your current practices.
4. Review detection measures
Some ransomware attacks are successfully launched long before a ransom is demanded. This gives criminals plenty of time to gather and encrypt data. Automated tools which focus on endpoint security, intrusion detection systems (IDS) and firewalls are helpful in preventing initial infection, but security teams also need the time and resources to use strategies and tools which can identify suspicious activity during this dormant period.
5. Implement a multi-level backup strategy
Ransomware can spread quickly through a network, so multiple backups need to be kept in a protected environment, away from the main network. Off-site backups can be stored in the cloud, which provides a low-cost and scalable option. It is also essential to isolate backups and copies held on devices and to ensure these are in a format that cannot be changed or altered.
6. Engage a trusted professional
Additional support and resources can be provided to in-house security teams cost-effectively through a trusted Major Incident Manager (MIM). Bringing expertise and experience across businesses of a range of sizes and sectors, they provide guidance on risk assessment, robust security measures and the development and implementation of an effective remediation action plan.
Elavon can help you with all your data security challenges (Cybersecurity, PCI DSS, GDPR).