05 Sep UK Universities & NHS hit by ransomware
Next time you want to invoke a little bit of fear around your IT colleagues mention the word “ransomware”.
But all joking aside, ransomware hacks, viruses and crimes are so effective that IT managers, technicians, businesses and law enforcement agencies have seen a steep increase in ransomware intrusions over the last 5 years. Universities in the UK as well as several NHS trusts have been hammered by similar ransomware attacks over the last year. And it seems that no one is safe, no matter how strong their security measures seem to be.
Take Bournemouth University for example. The school already makes cybersecurity a top priority but it still received registered 21 cyberattacks in the last 12 months alone. SentinelOne, a cybersecurity firm conducted a study to determine roughly how many schools experienced ransomware attacks in the UK. If 71 universities, they saw that nearly 40 percent (23 schools) were attacked. This is a huge percentage, but experts believe that the figure will just get higher over the coming years. The scary thing is that only one of the schools notified the police. And therein lies the problem.
Ransomware preys on fear. Fear that data will get out to the public. Fear that data will be sold. Fear that data will be lost. Fear of what the public will think of the company that lost its data. The hack is straightforward in and of itself. Through a series of phishing and impersonation tactics, an unwitting employee in the company downloads and opens a file usually tucked away in an email. The download actually contains a worm or Trojan which buries itself deep into the system, waiting for the day it is to be activated. One day this virus is activated and it will encrypt, or lock, a file, folder or drive, denying access to the user. A popup message then appears telling the user that they will be allowed access once a payment (usually in the form of untraceable Bitcoins) is made. As an aside, this is so prevalent that were you to purchase or transfer Bitcoins today, you can actually choose an option labeled “For ransom”. The user, and presumably the company they work for, now have a choice to make; give in to the demands and hope that the criminals honors their word and grants access, or ignore the demands and risk their data being deleted, released or sold to the highest bidder (the latter is usually the more likely case). A further dilemma then arises for the company. Ransomware attacks are crimes much like extortion or, as the name suggests, a hostage situation. Were it a human being threatened they would likely call the police. However, doing so would be to publicly admit that their systems have been compromised, and would greatly affect their image and reputation to the public and their clients.
NHS trusts are no strangers to ransomware attacks and their repercussions. Security firm, NCC Group, conducted a study on all 60 NHS Trusts in England, 28 of which admitted that they have been hit by a ransomware attack, while 31 declined to comment citing patient confidentiality. However, there was no mention on whether the attacks were successful nor was any information given on whether or not the affected NHS Trusts paid the ransom. Paying the ransoms can be costly. Cybercriminals usually ask for a couple thousand pounds up to tens of thousands of pounds. While this is a significant amount of money, going to the police and revealing to their patients that their person and patient data has been lost would give them a bigger black eye.
To find out more about simple steps you can take to enhance your IT and email security, download our free security checklist here.
Fraudsters use fear to extort money from companies, businesses, schools and from the healthcare sector. Unfortunately, once a ransomware attack hits there is very little that can be done about it. It pretty just boils down to a binary choice; pay or don’t pay. Then hope for the best. However, the best way to prevent a ransomware attack is to remove the potential of fear. Ransomware attacks are so successful because of lax cybersecurity and improper, or in most cases non-existent, backup practices. Invest in these and you will drastically reduce the impact that a ransomware attack can have.
Improving cybersecurity measures ensures that phishing attacks remain unsuccessful. By implementing web and email filters the threat that reaches company systems is reduced. By enacting and enforcing strict email and downloading policies within the companies (of which no one is exempt, not even the C-suite executives), the danger of accidentally installing a work or Trojan is also reduced.
Backups can be a pain, which is why a lot of business, schools and even hospitals, glaze over them. Sure they will all say that backing up data is of utmost importance, however how many of them actually go through with it? Creating a backup of critical files and data ensures that should a breach occur and access to the data is denied there is a copy stored offline (and preferably in another location) that can be accessed. This reduces the fear and power that a cybercriminal can have over a company.
The sad truth, is that ransomware attacks are going to continue and will likely increase in subtlety and complexity. The penetration rate is also likely to increase and more and more business will one day open their computers to a popup window with a ransom message and a timer counting down the minutes.
So why not prepare in advance? There is literally no downside in doing so. Tightening up cybersecurity measures is never a bad investment and backing up data is a discipline that any and all businesses need to develop. Ransomware is here to stay (at least for the foreseeable future), but it need not be a sword that hangs over your head. Be proactive and weaken the hold that such an incursion will have over you and your business. Think ahead, consider the services of an IT support company to shore up your defenses and most of all protect (and duplicate) your data.