- 4th June 2021
- Posted by: Mark Dodds
- Category: Security
“Thanks, but no thanks.”
Those really aren’t the words we want to hear when proposing a security upgrade that offers greater protection for a business against cybercrime.
But we do sometimes receive that response, and it’s always poorly informed. Which is why we felt compelled to write this blog.
Ensuring you have the latest protection against the constantly evolving world of cybercrime is a standard, no-brainer requirement, no matter the size of your business or the industry within which it operates.
But if you’re working within a regulated industry, you really need it at the top of your to-do list.
Why are we focusing on ransomware?
There are, of course, many forms of cybercrime. They’re all horrible, nasty practices which are designed to steal data, illegally obtain money, and wreck business reputations. But ransomware stands out for regulated industries because it evolves more than most.
Ransomware relies on encryption to steal your files and make them completely inaccessible to you unless you cough up whatever the cybercriminal is asking for in exchange for their return.
More importantly, any ransomware attack is classed as a breach under the GDPR guidelines, and that means you need to inform the Information Commissioner’s Office (ICO) if you experience one.
So, if you work within the legal sector or at an estate agency that has a governing body, you need to be covered by the appropriate level and type of cyber defences.
The damages aren’t just monetary
This is the killer.
As terrible as it might be to lose cold, hard money to a ransomware attack (whether that be as the result of paying the ransom or the lost time and revenue dealing with it), there’s something else that can hurt your business far more comprehensively.
If you’re subjected to a ransomware attack because you didn’t have the appropriate security technology in place to prevent it, you’ll need to own up to the ICO. In doing so, the breach will be made public knowledge and anyone whose data may have been compromised will need to be informed.
If there’s one email or phone call you don’t want to undertake with customers, it’s to tell them that their personal data may be in the hands of criminals – because you inadvertently allowed them into your network.
Doesn’t bear thinking about, does it? And the brand damage might be irreparable.
Examples of ransomware
Just in case you need a bit more convincing, here are some examples of recent ransomware attacks which had devastating consequences for those targeted.
- WannaCry: Arguably one of the most well-known forms of malware, WannaCry impacted more than 200,000 computers in 2017 and spread itself across 150 countries. It was particularly brutal in that it infected core system processes and encrypted pretty much any file it came across.
- Ryuk: This form of ransomware is usually used to target businesses and organisations that can barely operate during periods of downtime. It attempts to stop antivirus protection and disables system restore features. Then, it grabs any data it can find before encrypting it.
- PureLocker: Typically aimed at enterprises, PureLocker is sold and distributed on the dark web and uses incredibly complex algorithms to encrypt files for cyber extortion.
- Zeppelin: This is an example of ransomware which attaches itself to innocuous-looking Word files and contains malicious macros that can encrypt boot files and entire operating systems.
None of them sound very nice, do they? More worryingly, with the COVID-19 pandemic sending so many workers home, these forms of attack are becoming far easier for cybercriminals to undertake.
This is solely because the world wasn’t ready for this level of remote working, en masse. It required entirely new and untested network access control systems to be implemented and resulted in a sudden influx of user-owned devices on company networks.
Chances are, your workforce is working largely from home or in a ‘hybrid’ fashion, too, so now really is the time to shore up your cyber defences.
If you think we can help, just get in touch with the Compex IT team and ask us any questions you might have about ransomware protection.