A company was the subject of a ransomware attack a few weeks ago. They had forgotten to monitor their automated updates and when the updates hung, no one fixed the glitch. Eventually someone broke in and delivered a malicious payload, and the rogue software quickly encrypted everything and shut my client out of his IT systems.
In recent times, there has been a lot of talk about cyber-security threats.
Alarmingly, it seems that state-sponsored cyber-espionage is not just targeting infrastructure industries but also small businesses, to disrupt societies and to steal commercially sensitive information such as inter-company negotiations, contract details, new technologies and secret designs.
Though state-sponsored cyber-threats are grabbing the headlines, private organized criminals are far more numerous and can be no less effective.
Ransomware is software designed to encrypt a victim’s IT system; in return for a ransom, the perpetrator will supply a decryption key so that the victim can retrieve their data.
An industry has grown around ransomware; vendors are hawking Malware-As-A-Service, allowing perpetrators to “enter the industry” for just a few hundred dollars, configure their new system to target particular businesses and then unleash it.
With thousands of perpetrators entering the industry, they have started casting their net ever wider in their search for “customers.” Now small businesses and even homes are being targeted.
Perversely, ransomware perpetrators now have marketing gimmicks such as “try before you buy” whereby an infected victim can submit a portion of their encrypted system to be decrypted so that the victim can be confident that the perpetrator is serious about providing decryption should the ransom be paid.
It used to be standard to reach back to a previous (hopefully uninfected) backup to restore the system, then change all passwords, remove all disused user accounts and take other measures to negate the perpetrator’s attack.
But now such ransomware can sit lurking for days, weeks if not months, so that it quietly ends up in all the backups carried out over that time.
Attempts to breach a company’s IT systems number in the hundreds every week.
The IT industry is aware and diligent in working on patches and fixes to shut the door on system vulnerabilities as it becomes aware of them. These vulnerabilities or exploits become public knowledge, and perpetrators incorporate them into their malware, go looking for systems that aren’t up to date and attack them. So keep up with your updates.
Perpetrators are aware of this too, and so they try to find human vectors as a way to breach your system’s security. This means tricking your users into double-clicking email attachments or going to risky websites that masquerade as something legitimate, so that they click the one button that launches an installer…
You probably already receive a few such emails every day: an invitation from the tax department to log in to a new service that requires you to enter your username and password; or asking you to confirm a random purchase order; or to “fix” your Netflix account because “your validation has failed”?!
This is why cyber-security training for staff becomes so important.
Ransomware, malware, and viruses aren’t just features of Hollywood fiction or playthings for young hackers with nothing more adventurous to do. They are now a fast-maturing part of organized crime, carried out by both civilians and state-sponsored agents.
After several days of work, and several days of business interruption for both my client’s business and his clients’ businesses that had systems hosted by him, my client was able to restore from a previous backup, install all available updates and tighten up all his security measures, and fortunately hasn’t had a recurrence.
Don’t get complacent. You are not in a movie.