Fixing the UK’s Ransomware Problem

If you’ve ever been hit by ransomware, you’ll know the feeling of dread. There’s an all-too-familiar sinking feeling when you realize your data is being held hostage by a hacker demanding a hefty fee for your data’s safe return.

Plenty of IT managers around the world are being put through the emotional turmoil of ransomware. A hospital in Los Angeles ended up paying £12,000 to get back encrypted patient records.

The problem is only getting worse. Global ransomware cases increased by almost 170% in 2015, with the UK “disproportionately hit,” according to Intel Security. Now, Brits suffer more than 2,000 ransomware attacks every day.

Prevention is always better than cure, but the state of the UK’s businesses when it comes to shoring up user security is shockingly poor, which is extremely worrying when the threat is growing.

Considering the fact that ransomware generally manifests itself after an employee unwittingly opens an email attachment containing the threat and unleashes it on the systems, why is it that a recent survey of 250 UK companies by IS Decisions found that only 37% of UK firms provide security training to employees?

That same research also uncovered a whole host of poor user security within companies: 25% do not enforce password policies, 69% don’t monitor real-time logins on the network, and businesses are only confident of finding the source of a breach 36% of the time. This suggests that if a ransomware attack were to happen, companies generally won’t be able to tell how — unless the employee owns up, of course.

Despite so-called security experts saying that there’s no cure, I would argue there are three clear ways to prevent ransomware, and even mitigate it, once you’ve been hacked.

The first thing to do is provide security training. One might think that’s a no-brainer, but since 63% of companies don’t train their employees, you can hardly blame an employee for opening a dodgy attachment when they don’t know the risks. Put in place a regular, documented training program for each employee and ensure even the board attends the sessions. Ransomware doesn’t discriminate against its victims.

The second is to back up your data to a secure location. If you have a backup, you can simply disregard the ransom and restore your folders quickly and easily. Obviously, you’ll need to review your IT security afterwards to ensure that an attack doesn’t happen again, which is where the third point comes in — technology.

Anti-virus and firewalls are all very well for protecting against viruses and trojans, but you need more than that to protect against ransomware because of the way it works. Ransomware works by encrypting a large number of files at any one time. First, the attack reads your file contents before loading the data to memory. Then, the attack encrypts the data in the memory, writes everything to new files and lastly deletes the original files.

To put a stop to all that, you need a way to detect reads, writes and deletions, which anti-virus tools can’t always do. The good news is that technology exists that can work alongside your existing IT security to help you detect mass file reads, writes and deletions on your servers, so you can act quickly to safeguard your data.
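
The read, write-to-new-file, delete-original sequence described above can be expressed as a detection rule over file-server audit events. The following Python is an added example, not from the original article or any product it alludes to; the event tuple format, the 60-second window, the threshold of 5 and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60     # seconds; assumed tuning value
THRESHOLD = 5   # files per window before alerting; assumed tuning value

def detect_mass_rewrite(events, window=WINDOW, threshold=THRESHOLD):
    """Flag users who read files, write new files and delete the originals
    at volume. events: (timestamp, user, op, path) tuples sorted by time,
    op in {"read", "write", "delete"}. Returns {user: first alert time}."""
    read_at = defaultdict(dict)      # user -> {path: time of last read}
    new_writes = defaultdict(deque)  # user -> times of writes to unread paths
    replaced = defaultdict(deque)    # user -> times of delete-after-read
    alerts = {}
    for ts, user, op, path in events:
        if op == "read":
            read_at[user][path] = ts
        elif op == "write" and path not in read_at[user]:
            # A write to a path this user never read is treated as a new file.
            new_writes[user].append(ts)
        elif op == "delete":
            last_read = read_at[user].pop(path, None)
            if last_read is not None and ts - last_read <= window:
                replaced[user].append(ts)
        # Slide the window: forget activity older than `window` seconds.
        for q in (new_writes[user], replaced[user]):
            while q and ts - q[0] > window:
                q.popleft()
        if (user not in alerts and len(new_writes[user]) >= threshold
                and len(replaced[user]) >= threshold):
            alerts[user] = ts
    return alerts

def sample_events():
    """Constructed audit events for illustration, not real logs."""
    ev = [(10, "alice", "read", "/share/a.txt"),
          (20, "alice", "write", "/share/a.txt")]          # normal edit
    ev += [(50 + i, "backup", "read", f"/share/doc{i}.docx")
           for i in range(20)]                              # bulk read only
    for i in range(6):                                      # rewrite burst
        t = 100 + 2 * i
        ev += [(t, "bob", "read", f"/share/doc{i}.docx"),
               (t + 1, "bob", "write", f"/share/doc{i}.docx.enc"),
               (t + 1, "bob", "delete", f"/share/doc{i}.docx")]
    return ev

if __name__ == "__main__":
    print(detect_mass_rewrite(sample_events()))
```

Requiring both signals together keeps a bulk reader such as a backup job, or a user editing a file in place, from raising an alert; only the account that reads, writes elsewhere and deletes the originals at volume is flagged.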

In a nutshell, the key to stopping ransomware is knowing what’s going on in your servers at any given time and having vigilant and well-trained employees to recognize the signs of ransomware. Without that visibility and knowledge, you put your data at risk.
