Ransom attacks – are you next?

Paul Holborow, Head of IT Services at RMT Accountants and Business Advisors Ltd, looks at the worrying trend of ‘ransom attacks’.

Ransom attacks occur when cybercriminals get on to your network and encrypt data drives, and then demand a ransom in return for decrypting the data. Whilst a couple of recent cases may appear to be on the other side of the world I know small business in the UK have suffered at the hands of criminals too.

In one recent incident, a business in Australia reportedly paid about £2,000 ransom to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week. Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the key has not been exposed during the attack. In another case in December 2012, a gang used the same tactic to hold a medical centre to ransom in return for decrypting a database of client medical records. Enforcement agencies think the attacks came fro m a Russian gang, proving cyber-criminals know no geographical boundaries.

The vulnerability targeted by attackers was to infect users through compromised websites by targeting common software flaws. Ransom malware has become a serious issue during 2012, although its effect on businesses is rarely recorded. Most of the data that has become public has been in the form of police warnings based on attacks against consumers.

That these attacks are happening – and small businesses are paying the ransoms – is a worrying trend. Small businesses are seen as easy targets as they have, generally speaking, lower protection measures in place. Of course, a lot of small businesses can’t afford the interruptions to their trade and want the problem solved. Some might not even think they are a victim of a crime and will pay to solve what they believe is an IT problem. But the attack hides further potential crime as the data stolen could be used in other types of fraud.

What can small businesses do to protect themselves? Obviously, have a business edition of anti-virus and anti-malware software installed and kept up to date on all workstations and servers. Have a proper security audit that looks at the business risks and the risk to your data and ensure you have proper security plans, policies and staff training in place. This strategic planning will then help you direct investment to the right areas. They don’t have to cost the earth – a simple off-site backup strategy for example would have made the data available from another secure location.

RMT provide dedicated IT support and Information Security Solutions for small and medium sized businesses in the North East of England. For more information, please contact paul.holborow@r-m-t.co.uk or telephone 0191 256 9550.