Ransomware and other cyber attacks are on the increase here in the UK and across the globe.
Ransomware attacks are extremely dangerous to businesses, as they can affect and shut down critical infrastructure and then wipe out a business's funds if you choose to pay the hackers.
In this blog, we look at the increase in ransomware attacks, what happens if you suffer an attack, how to better protect your business and what to do in the event of a ransomware attack.
What is a ransomware attack?
A ransomware attack is where cyber criminals exploit a weakness in your systems or data, encrypt your files or devices to prevent you from accessing them, and steal valuable data.
The cyber criminal(s) will then demand a ransom in exchange for them decrypting the information or unlocking systems for you. In some cases, the criminals threaten to leak your data.
Is your business a target of ransomware attacks?
The simple answer is yes! Any business is a potential target for cyber criminals. Cyber criminals will target businesses of all sizes where they can find a weakness in their IT security.
In 2023, Aviva research revealed that one in five UK businesses have experienced a cyber-attack or incident, with nearly one in 10 (9%) small businesses experiencing an attack in 2023. This number rises to 35% of large corporate businesses, showing the increasing risk that cyber presents.
What happens during a ransomware attack?
- Cyber criminals hack into your network, take control and plant malicious encryption software (known as malware) and often will copy valuable data from your system.
- The criminals activate the malware, which then locks you out of your devices and encrypts your valuable data.
- An on-screen notification may pop up on your devices, demanding a ransom and explaining how to make payment to decrypt your data or unlock your devices.
- Payment is often demanded via an anonymous web page and in cryptocurrency.
Should I pay the ransom if I suffer an attack?
UK law enforcement strongly recommends that you don’t pay the ransom. The reason for this is that there is no guarantee that the hackers won’t take the money and still leave you with a non-functional system. Also, they could leave things in the background that would allow them to take control of the system again and demand that you pay again.
Attackers often threaten to publish stolen data if the ransom is not paid. To counter this, you should minimise the impact that release of this data will have on you and the people whose data you store.
The NCSC's guidance on protecting bulk personal data gives more guidance on this.
How do I protect my business from ransomware attacks?
1. Install all security updates
Ensure that all your staff install all security updates and operating system updates when they are offered them. This is often a big area of vulnerability for businesses, and even more so now with remote working and employees using multiple devices. Turn on automatic updates where possible.
2. Make regular data backups
Ensure you have a strict routine of data backups. Back up all your data but ensure your essential data is regularly backed up. Test reinstating these backups regularly to ensure they work. Daily backups are our recommendation.
Back up to the cloud and offline, and disconnect any hard drives from the network once a backup is completed.
Read the NCSC blog on Offline backups in an online world and their top tips for backing up your data for more information.
3. Educate your employees
One of the most common ways that hackers access your system is via emails masquerading as a legitimate person or company. These are called phishing emails. If the attachment in these emails is opened or links are clicked, it sends malicious code to your network.
Educate your employees to be extremely cautious before opening attachments or sending details. Some IT companies will ‘test’ employees and send them false phishing emails to show them the types of things to look for.
4. Install security software on your network and devices
Employ IT specialists either in-house or externally to implement some of the following things:
- Strict mail filtering procedures and spam filtering procedures.
- Create intercepting proxies that will block known-malicious websites.
- Two-factor authentication adds an additional layer of security when employees sign into certain systems.
- Mail filtering and spam filtering procedures can be implemented by your IT support team or company that will block potentially malicious emails and remove damaging attachments.
For more detailed information, read the National Cyber Security Centre's Mitigating malware and ransomware attacks guidance.
Should I take out cyber insurance and what will it cover?
Your business is likely to incur costs should a cyber attack occur. These costs can include things such as recovery of data, IT support and advice, notifying victims of data breaches and restoring systems.
It is worthwhile working with a local insurance broker who is independent and can advise you on a wide range of policies that will suit your business both in terms of cover and budget.
Policies will cover costs, liabilities and losses associated with a variety of cyber incidents. You need to make sure the policy covers all potential risks including ransomware attacks, data breach, cyber-attacks and business interruption. There may be other specific risks relevant to your business, so discuss these with your insurance broker.
Find out more about what cyber insurance covers and why it’s important to your business here.
What to do in the event of a ransomware attack on your business
- Contact your IT team or IT supplier for advice and assistance.
- Report the incident immediately to the National Cyber Security Centre here.
- Report to Action Fraud here. This is the UK national Fraud & Cyber Crime Reporting Centre; reporting gives police details but also raises awareness of the incident to help other businesses.
- If you have cyber insurance, contact your insurance company or insurance broker for advice and assistance.
How Harborough Portas can help
We can advise on the best cyber insurance policy to suit your business needs. Contact us today by calling 0116 260 0506 or email mail@harboroughportas.com for more help and advice on cyber insurance and other commercial insurance.
Useful links:
Aviva’s Cyber Security: Ransomware Guide
National Cyber Security Centre Ransomware Page
Action Fraud to report cyber crime