The consequences of a ransomware attack can be utterly devastating. The mere thought of a business losing access to its computers, its networks and its data is a nightmare scenario for many – and this fear became a harsh reality for the UK logistics firm KNP Logistics in June 2023.
Unfortunately, the company declared insolvency in September 2023, directly attributing their financial downfall to the ransomware attack they experienced. This incident didn’t just lead to the closure of a company; it also resulted in 730 employees losing their jobs, underscoring the profound impact such attacks can have, both on a business and the lives of those it employs.
In this blog, we will be taking a closer look at ransomware attacks, as well as some of the ways you can help keep yourself safe and avoid becoming a victim.
Understanding a ransomware attack
Ransomware attacks will often form part of a phishing campaign.
Cyber criminals craft emails that are designed to look legitimate and appear to come from a trusted source – their aim is to deceive the recipient and encourage them to download an attachment or click one or more links.
Once triggered, ransomware will then quickly encrypt files on a computer and demand a ransom payment to regain access, payable via cryptocurrency to ensure anonymity. If a ransom is not paid, criminals may choose to threaten to delete the data accessed or publish sensitive information online.
What to do if you’ve got ransomware?
First and foremost, resist the urge to panic or pay the ransom. When dealing with cyber criminals, there is no guarantee that payment will result in a positive outcome, and an eagerness to pay may encourage future attacks.
Instead, your first action should be to disconnect the computer from any network it is connected to, to help stop any potential spread. The next step is to gather as much information as possible, including evidence of the ransom demand, and if possible, identify the type of ransomware that has been used. This is very important as there may be decryption tools available.
Inform law enforcement of the incident and provide them with any information you have been able to gather. They may also have experience with different strains of ransomware. A good place to start is: www.gov.uk/guidance/where-to-report-a-cyber-incident.
If the ransomware cannot be removed with decryption programs, restore the computer from the latest backup available and immediately take steps to increase security. This should include updating passwords, software and anti-virus/anti-malware software.
Prevention is better than cure
Taking steps to improve security and prevent an attack is a far better approach than trying to deal with the impact. By addressing the following points, you can help reduce the risk of your business becoming a victim:
- Employee training
Employee awareness is key, and potentially the most important way you can help protect your business, so educate your team about the risks of phishing emails and malware in general. Then make sure they are aware of what to do if they make a mistake, who they should report it to and how.
- Update software
Keep on top of any updates and patches, to both operating systems and computer software or apps.
- Security solutions
Use anti-virus and anti-malware software to help keep computers secure and protected against attacks.
Make sure that backups are being conducted frequently and regularly so that computers can be restored back to working order if they become infected.
- Disaster recovery
Create a disaster recovery (DR) plan, policy or process. Take some time when everything is going well to plan what actions will need to be taken if there is a disaster, and define the steps and individuals needed to recover. Make sure these documents are stored somewhere where they can be readily available.
- Penetration testing
Engage with cyber security experts to identify any potential vulnerabilities that can then be resolved.
If you would like to find out more about pentesting or other options to help protect yourself, from security assessments or awareness training to ongoing cyber support, then please get in touch.
To keep up to date with information around the latest threats and advice, then you can also sign up for updates from The National Cyber Security Centre (NCSC).
Cyber security is an interesting, fast moving and in demand industry. On the one hand, we are constantly being told there are not enough professionals to fill the need. Yet without clear pathways, it can be challenging to find roles at the beginning of your journey...
“What is the difference between a vulnerability scan and a penetration test?” It’s something we are often asked by clients who are considering their security and starting to look at ways to protect themselves and their businesses. Vulnerability scans and penetration...
Cyber security moves fast. Threats evolve at an incredible pace and pentesting techniques change and develop along with them. That’s why your choice of pentesting training provider is an important decision. At North Green Security, we recognize the importance of...
If you are starting to look at cyber protection for your business, then the UK Government backed Cyber Essentials scheme is a great place to start. In fact, these are excellent standards to consider, wherever you are on your journey – at North Green, we go through...