The consequences of a ransomware attack can be utterly devastating. The mere thought of a business losing access to its computers, its networks and its data is a nightmare scenario for many – and this fear became a harsh reality for the UK logistics firm KNP Logistics in June 2023.
Unfortunately, the company declared insolvency in September 2023, directly attributing its financial downfall to the ransomware attack it experienced. This incident didn’t just lead to the closure of a company; it also resulted in 730 employees losing their jobs, underscoring the profound impact such attacks can have, both on a business and the lives of those it employs.
In this blog, we will be taking a closer look at ransomware attacks, as well as some of the ways you can help keep yourself safe and avoid becoming a victim.
Understanding a ransomware attack
Ransomware attacks will often form part of a phishing campaign.
Cyber criminals craft emails that are designed to look legitimate and appear to come from a trusted source – their aim is to deceive the recipient and encourage them to download an attachment or click one or more links.
Once triggered, ransomware will quickly encrypt files on a computer and demand a ransom payment to regain access, payable via cryptocurrency to ensure anonymity. If a ransom is not paid, criminals may threaten to delete the data they have accessed or publish sensitive information online.
What to do if you’ve got ransomware?
First and foremost, resist the urge to panic or pay the ransom. When dealing with cyber criminals, there is no guarantee that payment will result in a positive outcome, and an eagerness to pay may encourage future attacks.
Instead, your first action should be to disconnect the computer from any network it is connected to, to help stop any potential spread. The next step is to gather as much information as possible, including evidence of the ransom demand, and if possible, identify the type of ransomware that has been used. This is very important as there may be decryption tools available.
Inform law enforcement of the incident and provide them with any information you have been able to gather. They may also have experience with different strains of ransomware. A good place to start is: www.gov.uk/guidance/where-to-report-a-cyber-incident.
If the ransomware cannot be removed with decryption programs, restore the computer from the latest backup available and immediately take steps to increase security. This should include updating passwords, software and anti-virus/anti-malware software.
Prevention is better than cure
Taking steps to improve security and prevent an attack is a far better approach than trying to deal with the impact. By addressing the following points, you can help reduce the risk of your business becoming a victim:
- Employee training
Employee awareness is key, and potentially the most important way you can help protect your business, so educate your team about the risks of phishing emails and malware in general. Then make sure they are aware of what to do if they make a mistake, who they should report it to and how.
- Update software
Keep on top of any updates and patches, to both operating systems and computer software or apps.
- Security solutions
Use anti-virus and anti-malware software to help keep computers secure and protected against attacks.
- Backup
Make sure that backups are being conducted frequently and regularly so that computers can be restored to working order if they become infected.
- Disaster recovery
Create a disaster recovery (DR) plan, policy or process. Take some time when everything is going well to plan what actions will need to be taken if there is a disaster, and define the steps and individuals needed to recover. Make sure these documents are stored somewhere where they can be readily available.
- Penetration testing
Engage with cyber security experts to identify any potential vulnerabilities that can then be resolved.
If you would like to find out more about pentesting or other options to help protect yourself, from security assessments or awareness training to ongoing cyber support, then please get in touch.
To keep up to date with information on the latest threats and advice, you can also sign up for updates from the National Cyber Security Centre (NCSC).