April 20, 2017
"They were looking purely to hold us to ransom and get as much money as they could."
Ransomware is a particularly nasty species of online threat. Unwisely clicking on one attachment can see all your documents, your family photos, or your company accounts encrypted by a crook who will then demand a hefty ransom to let you regain access to them.
Ransomware has rapidly become one of the most common threats on the internet, as criminals exploited an easy and low-risk way of making significant amounts of money.
But the rise of ransomware may have one unexpected positive side effect: companies are now worried enough about being hit by it that they are improving their broader cybersecurity as a result.
Until now, most companies that don't have a big online presence have tended to give cybersecurity a low priority, largely because they don't think they have much worth stealing.
But while a customer database or a set of invoices might have no resale value to a hacker if stolen, that data is of very real value to the company that needs access to it in order to stay in business. This means that ransomware can be a threat to nearly any business with online systems.
According to research by the UK government, this realisation has encouraged companies to raise their game.
The Cyber Security Breaches Survey 2017 report, published today, says: "The prevalence of ransomware in particular has heightened awareness and made cybersecurity a more urgent issue for a wider range of businesses... businesses in sectors that may not expect to be targeted are falling victim to costly ransomware attacks."
"Such attacks also highlight the inherent value of the data that businesses hold, beyond personal or financial data -- with attacks on any kind of data potentially stopping businesses from carrying out day-to-day work and putting relationships with customers at risk."
The survey quoted one executive who said that the rise of ransomware had made it easier to show senior managers the scale of the threat if multiple devices could be incapacitated, "and to move business attitudes away from the stereotype of bedroom hackers, to focus more on criminal activity".
One IT manager at a civil engineering business said it would use the two ransomware attacks the company had faced to encourage the business to invest in new security software. Another company in construction said a disruptive ransomware attack caused its technology team to lose around two weeks of productivity and output.
The report said: "The ransomware attack opened their eyes to the fact that their business was not immune from cyber-attacks."
Not everyone has got the message, of course, and the report does include the cautionary tale of two senior managers in "one large civil engineering firm" who thought they knew better than the IT department, which had warned staff not to map network drives to their local laptops to limit the potential impact of any malware.
"One department head and another senior manager had ignored this advice and had later inadvertently downloaded a ransomware virus to a local laptop with the mapped network drive. The attack was not aimed at getting any particular data, but was just done to extract money from the business. The mapping allowed the virus to spread across the whole server, rather than just being isolated to the single device."
The report quoted the company as saying of the crooks: "They were looking purely to hold us to ransom and get as much money as they could."
In this case the backup files were only restored after around one working week and the laptop had to be wiped and rebuilt from scratch. "Although no data was permanently lost, there was a loss in productivity, and this alerted the organisation's senior management to the need to have better systems in place, restricting direct access to network drives for staff who do not strictly need access," the report said.
Other cyber threats
Still, for all its impact, ransomware is not the most common online threat faced by business. According to the survey, the most common types of breaches are related to staff receiving fraudulent emails (72 percent), followed by viruses, spyware and malware (33 percent), people impersonating the organisation in emails or online (27 percent), and ransomware (17 percent).
Just under half of UK businesses suffered one security breach in the last year, the report said, and four in ten of those said this led to an outcome such as a temporary loss of files or network access (23 percent) or systems becoming corrupted (20 percent). Six in ten of those who identified breaches also said it adversely impacted their organisation, for example through being forced to implement new protective measures (38 percent) or having staff time taken up dealing with the breach (34 percent).
Among the 46 percent of businesses that detected breaches in the last 12 months, the survey finds that the average business faces costs of £1,570 as a result of these breaches, rising to £19,600 for the average large firm.