The consequences of a ransomware attack can be utterly devastating. The mere thought of a business losing access to its computers, its networks and its data is a nightmare scenario for many – and this fear became a harsh reality for the UK logistics firm KNP Logistics in June 2023.
Unfortunately, the company declared insolvency in September 2023, directly attributing their financial downfall to the ransomware attack they experienced. This incident didn’t just lead to the closure of a company; it also resulted in 730 employees losing their jobs, underscoring the profound impact such attacks can have, both on a business and the lives of those it employs.
In this blog, we will be taking a closer look at ransomware attacks, as well as some of the ways you can help keep yourself safe and avoid becoming a victim.
Understanding a ransomware attack
Ransomware attacks will often form part of a phishing campaign.
Cyber criminals craft emails that are designed to look legitimate and appear to come from a trusted source – their aim is to deceive the recipient and encourage them to download an attachment or click one or more links.
Once triggered, ransomware will then quickly encrypt files on a computer and demand a ransom payment to regain access, payable via cryptocurrency to ensure anonymity. If a ransom is not paid, criminals may choose to threaten to delete the data accessed or publish sensitive information online.
What to do if you’ve got ransomware?
First and foremost, resist the urge to panic or pay the ransom. When dealing with cyber criminals, there is no guarantee that payment will result in a positive outcome, and an eagerness to pay may encourage future attacks.
Instead, your first action should be to disconnect the computer from any network it is connected to, to help stop any potential spread. The next step is to gather as much information as possible, including evidence of the ransom demand, and if possible, identify the type of ransomware that has been used. This is very important as there may be decryption tools available.
Inform law enforcement of the incident and provide them with any information you have been able to gather. They may also have experience with different strains of ransomware. A good place to start is: www.gov.uk/guidance/where-to-report-a-cyber-incident.
If the ransomware cannot be removed with decryption programs, restore the computer from the latest backup available and immediately take steps to increase security. This should include updating passwords, software and anti-virus/anti-malware software.
Prevention is better than cure
Taking steps to improve security and prevent an attack is a far better approach than trying to deal with the impact. By addressing the following points, you can help reduce the risk of your business becoming a victim:
- Employee training
Employee awareness is key, and potentially the most important way you can help protect your business, so educate your team about the risks of phishing emails and malware in general. Then make sure they are aware of what to do if they make a mistake, who they should report it to and how.
- Update software
Keep on top of any updates and patches, to both operating systems and computer software or apps.
- Security solutions
Use anti-virus and anti-malware software to help keep computers secure and protected against attacks.
- Backup
Make sure that backups are being conducted frequently and regularly so that computers can be restored back to working order if they become infected.
- Disaster recovery
Create a disaster recovery (DR) plan, policy or process. Take some time when everything is going well to plan what actions will need to be taken if there is a disaster, and define the steps and individuals needed to recover. Make sure these documents are stored somewhere where they can be readily available.
- Penetration testing
Engage with cyber security experts to identify any potential vulnerabilities that can then be resolved.
If you would like to find out more about pentesting or other options to help protect yourself, from security assessments or awareness training to ongoing cyber support, then please get in touch.
To keep up to date with information around the latest threats and advice, then you can also sign up for updates from The National Cyber Security Centre (NCSC).
What is CHECK? Exploring qualifications and pathways.
Like many industries, cyber security is full of acronyms and abbreviations – and this also extends into qualifications. We talk to and work with a lot of people who are either trying to break into a career in penetration testing, or who work at a consultancy that...
How can you protect yourself from malware?
The world has changed – and that change is only set to continue. Whether at home or in our professional lives, we are more connected than ever before and have multiple devices that we use daily, from smartphones and tablets to PCs and more. The drawback to this...
How secure is your password really?
For years we’ve been told that the best approach to staying secure is to have a good password. Conventional wisdom says that this should be at least nine characters long and use a combination of upper and lower case characters, numbers, and special characters. But I...
The importance of penetration testing for small businesses
In today's digitally driven world, small businesses are increasingly becoming targets of cyber threats. Yet despite some perceptions that cyber attacks are aimed at large organisations and corporate bodies, the truth is, every business, regardless of size, is...