The recent spate of ransomware attacks that started on Friday 12 May has pushed it to the top of the cyber threat table. In organisations, this Wannacry/WannaCryptor version has a new capability: it contains a worm virus that enables it to self-permeate throughout networks and it has been at least partially successful in over 150 countries. Ireland was not badly hit, comparatively, but it was a loud wake-up call.
Ransomware hijacks your data by encrypting it. Those who have suffered say it is about the worst thing you can experience in IT malice, in very large part because of the sheer frustration. You know your data is there but you can’t see it, get it or use it. As everybody in business now knows, there is always a ransom. But the sums of money are usually not impossible. There appears to be Code of Extortion amongst the criminals and the rationale is obvious. If the terms are reasonable, it is quite likely that a majority of victims will pay up and not report to the police or data protection authorities.
Cyber ransom globally is at something like a level of petty crime. Until now. It has happened everywhere every day but the sheer volume meant public authorities cannot combat it effectively. Estimates and surveys suggest that 20% to nearly half of all organisations have experienced some version of a data hijack. Bluntly, investigations on foot of £500 to £1,000 ransoms cannot be prioritised by those authorities that are dealing with millions of stolen personal credit card or banking details or indeed actually money.
The Wannacry episode will certainly mean that authorities worldwide will take ransomware more seriously, not least because at time of going to press it was emerging that this exploit was more likely to be a cyberwarfare incident than a criminal one.
In everyday reality, when ransomware gets through and strikes—in an SME or professional practice, school or hospital, retailer or whatever—the absolute priority is doing whatever is necessary to get operational again. Right now. The top obvious first note on any CEO’s scribbled list will be ‘pay the damn thing!’
What are the alternatives? Essentially, they amount to ‘revert to our back-up data’. Trouble is, if that is not up to a few minutes previously the danger is that the malware is already in there and all you are doing is starting the cycle again. It is not unknown for ransomware to have seen sitting in a system for days, weeks or even months, then to be triggered without warning.
The essential questions are all about what you should do in your organisation—in regard to ransomware as all other cyber threats. The first answer has to be Get Advice. Whether you are aware of the increasing level of cyberattacks and seeking protection, or have actually had your data hijacked, expert advice from experienced security professionals is your best course of action.
Commtech can and does help in these situations, usually through our channel partners. We work with some of the best known names in ICT security including Barracuda, which offers a complete suite of solutions to detect, prevent or recover from a ransomware attack. Recovery simply entails deep cleansing of the malware and infected files, rolling back to the last saved and safe version an re-booting the business—usually in less than an hour.
Doesn’t that sound easy? As always in ICT, that is deceptive. The responses may be simple in concept, even automatic. But setting systems up properly is an expert job, especially security protection. But the solutions work effectively almost all of the time and the investment is worth it. Every time.