Ransomware: The Modern Day “Stand and Deliver”


If you didn’t know what ransomware was a few weeks ago, it is almost certain that you do now, in the wake of the WannaCry cyber attack that occurred earlier this month.

What is Ransomware? 

This is a form of malicious software that is designed to block access to a computer system until a sum of money is paid. The data cannot be used and, in some cases, the hackers threaten to publish it unless a ransom is paid. There is of course no guarantee that, once the ransom has been paid, the code needed to decrypt the data will be provided, or that the hacker will not still delete the data. If the ransom is paid, it is possible that the hacker will return to carry out a further attack.

This form of malware effectively employs scare tactics not unlike those of a highwayman in Victorian times, who would hold a coach of unsuspecting passengers at gunpoint until they had handed over a ransom representing their wealth. Ransomware can be compared to a modern-day version of the “stand and deliver” threat that a highwayman posed.

The Impact of a Ransomware Attack 

Ransomware attacks have increased fourfold over the past two years, with the UK being one of the main targets as we are perceived to be a destination that will readily pay the ransom.

One report has collected data which reveals that 54% of UK businesses have been targeted with a ransomware attack where revenue has been lost and, in extreme circumstances, the businesses have had to close. A ransomware attack can also cause a business reputational damage from which it may never recover.

With the General Data Protection Regulation (GDPR) coming into force on the 25th May next year, the emphasis on protecting personal data is increasing. If a ransomware attack encrypts personal data and the business is unable to restore the data, it is conceivable that the ICO would consider that the business has not taken appropriate measures to keep the data safe and is, as a result, in breach of the Data Protection Act.

The WannaCry Attack

The ransomware attack affected approximately 200,000 computers in 150 countries on 12th May. The most high-profile organisation hit by this attack in the UK was the NHS. Outside of this, Renault, Nissan, FedEx and Telefonica were also hit by this indiscriminate cyber attack, which appeared to target legacy software that had not been updated. Organisations that still utilised Windows XP were particularly hard hit, as this contained certain software vulnerabilities.

Managing the Ransomware Cyber Risk

Businesses should consider the following:-

  • Adequate Back Up and Recovery of computer systems
  • Patch Management of all systems with particular attention to older systems
  • Staff Training to raise awareness of what to look for in a ransomware attack
  • Regular Firewall Management
  • The Purchase of Cyber Insurance

The National Cyber Security Centre offers some excellent guidance on its website, entitled “Protecting your organisation from ransomware”, at the following link:

https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

How Cyber Insurance Can Help 

Cyber insurance is a modular policy, and it is possible to purchase specific areas of coverage tailored to a business’s requirements.

Cyber Extortion Coverage

This includes the negotiations with hackers and payment of the actual ransom.

Forensic Investigation

This determines what data was compromised and how the systems were accessed.

Data Restoration

This covers costs associated with trying to decrypt data and to assist with the back up of data.

Business Interruption

This module provides coverage for the increased costs of working and possible loss of profits.

There are now many strains of ransomware, which are becoming increasingly harder to manage and present a constant challenge for businesses. Businesses do need to constantly review their cyber security risk management processes and procedures, which will go some way towards alleviating this evolving threat.

Malvertising… the hidden threat


Last week a number of major news websites saw their advertisements hijacked by a malicious Angler campaign that attempted to install ransomware on users’ computers. The attack, which was initially targeted at US users, hit websites including the BBC, AOL, New York Times and the NFL. The combined volume of traffic for these websites totalled billions of visitors.

http://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising

It is understood that the malware was delivered through multiple ad networks, and used a number of vulnerabilities, which included a recently-patched flaw in Microsoft’s former Flash competitor Silverlight.

The Daily Mail, Skype and the Premier League Fantasy website have all been targeted within the last month with malvertising campaigns.

Malvertising uses advertising networks to spread malicious Flash objects and other pieces of malicious code to other websites. Hackers upload these malicious Flash objects and other pieces of malicious code to ad networks, paying the network to distribute them as if they were real advertisements.

For example, you could visit a newspaper’s website and an advertising script on the website would download an ad from the ad network. The malicious advertisement would then in turn try to compromise the web browser.

Malvertising takes advantage of flaws in the software that the user is running in order to infect the user on a legitimate website. This removes the need to fool the user into visiting a malicious website.

The most popular times for these attacks are on a Friday, when there is less monitoring being carried out for suspicious activity, and during the weekends, when there is heavy web surfing.

There are a number of methods used for injecting malicious advertisements or programs into webpages such as :-

  • Pop-up ads
  • Drive-by downloads
  • Web widgets
  • Malicious banners on websites
  • Third-party advertisements on websites
  • Third-party forums such as forums or help desks

There are a number of ways of protecting websites from malvertising attacks, such as keeping plug-ins and web browsers updated. Risk management also has an important role to play, particularly in the management and surveillance of the supply chain.

A cyber insurance policy can provide coverage for an attack of this nature through the disruption it may cause to a business and also the vendor services provided via monitoring and forensic investigation.