Datto, a trusted provider of total data protection solutions for businesses around the world, works with its partners to protect SMEs from ransomware attacks. As research shows that over half of UK businesses have been hit by attacks,[1] Datto has compiled a list of UK incidents to demonstrate impact on financials, business continuity and productivity.
Ransomware, a malicious software that locks your files and demands payment to access them, is no respecter of sector, with businesses from restaurants and hairdressers to public sector bodies and London’s financial sector falling foul of the concerning new trend. Ransomware is one of the fastest growing threats within cybersecurity.
Andrew Stuart, Datto EMEA MD comments: “Our list demonstrates how ransomware threats are becoming a major problem for business – encrypting company files until a ransom is paid is the equivalent of a cyber protection racket.”
Recently, researchers found that over half (54 per cent) of UK companies surveyed said they’d been infected with ransomware.[2] In a separate survey, although two thirds (65 per cent of respondents) said they paid the ransom, one in five organisations didn’t get their data back.[3]
Andrew Stuart continued: “Ransomware attacks have to be met with a multi-layered security approach, with up-to-date security and employee education. However, we think that the only way to really protect a business from the threat is to deploy a robust backup and business continuity solution. With Datto, we can restore your systems in as little as six seconds.
“We believe that there are a rising number of unreported ransomware cases, and SMEs are increasingly being targeted. They often have no alternative but to pay to recover data, and sometimes unfortunately even after payment do not receive their data back, so we would advise back-up, don’t pay up.”
1. A group of churches in Bristol[4]
A group of churches in Bristol were subjected to a ransomware attack in May 2016, after a finance officer opened a suspicious email containing a malicious attachment. The group consists of 46 churches in the Bristol and South Gloucestershire area, and as a result of the attack lost an entire database of financial records.
A simple job advertisement inviting applications started the cyber attack. The ransomware request arrived with the subject line: “Job application – please see attached CV”.
Once the attachment was opened, every document on the employee’s computer instantly encrypted, and hackers sent a demand for money in return for the corrupt files.
The church refused to pay the criminals, and provided all details to the police.
2. Hosted Desktop and cloud provider VESK pays £18k[5]
Hosted desktop and cloud provider VESK recently paid 29 Bitcoins (£18,600) as a result of a ransomware attack, after noticing that one of its environments had been impacted by a ransomware virus in September 2016.
This virus was a new strain of the Samas DR ransomware, and affected one of VESK’s multi-tenanted environments which hosted around 15 per cent of VESK’s clients. Because the ransomware strain was entirely new, VESK’s antivirus provider had not yet been updated to detect it.
Nigel Redwood, chief exec of VESK’s parent company, Nasstar, said: “The first thing we did was search the environment and kill the process. We then spent time to determine quickest route to restore services. We decided to do that by running restores from backups and also paying for the decryption keys, to attack the problem from both angles.”
3. Mr. Chow’s website serves up ransomware[6]
The website for popular fine Chinese cuisine “Mr Chow” restaurants was hacked and for a period in August 2016 redirected visitors to ransomware.
A malicious script (aka Darkleech) was injected directly into the website’s page as a result of a vulnerable version of Drupal. This script then redirected users to a well-known malware kit called Neutrino, which in turn infected vulnerable systems with ransomware.
The payload that unsuspecting users eventually received was the CrypMIC ransomware which demanded 1.2 bitcoins (roughly £558) at the time of the attack.
4. Ransom paid by Cheltenham hair salon after cyber attack[7]
A couple running a Cheltenham hairdressing salon paid £1,600 worth of bitcoins for the return of data after a ransomware attack in June 2016.
As a result of the attack, the salon owners could not access their electronic diary to check clients’ bookings or their contact details, which had been built up over 12 years. The hackers brought the salon to a standstill, and the owners estimated that the attack had cost the business thousands of pounds in lost bookings.
The police warned the salon owners not to pay the ransom, but the award-winning business owners felt the data was too vital to lose, so chose to pay up.
5. London financial sector prime target of ransomware attacks[8]
Some of London’s top banks, law firms and other businesses were found to have suffered nearly 10,500 ransomware hits by researchers. The City of London was found to be the top ransomware target in the UK, with 670 per cent more ransomware attacks than the rest of the UK’s top 10 vulnerable areas combined.
Unfortunately, some major banks now take the position it is more effective to agree to the extortion demands of cybercriminals rather than risk a full-blown cyberattack, according to Dr Simon Moores, chairman of the e-Crime Congress and former technology ambassador for the UK government.
“Financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack,” he said.
6. 23 universities targeted in wave of ransomware attacks[9]
Out of 71 UK universities that were contacted via a Freedom of Information request to determine whether they had been victim of ransomware attacks, 58 replied and 23 said they had been attacked in the last year.
Bournemouth University, which hosts a cybersecurity centre, said it had been hit 21 times in the last 12 months. It confirmed the attacks but stated that: “it is not uncommon for universities to be the target of cybersecurity attacks; there are security processes in place at Bournemouth University to deal with these types of incident.”
The university added that there had been “no impact” on its activity as a result of the attacks. No university would confirm if it had paid a ransom but the largest sum demanded was five bitcoins, about £2,200.
7. Irish universities – Queen’s and Ulster
Queen’s University Belfast paid out in July 2016 when hackers targeted its computers in a ‘ransomware’ attack.[10] Freedom of Information requests revealed that the university has suffered three ransomware attacks in the last academic year alone.
On one occasion a £400 ransom was paid after hackers targeted a PC running Windows XP and encrypted documents and images. Once the ransom was paid, all encrypted files were recovered. The university said that its policy is that ransoms should not be paid, and the £400 payment was “an exception”.
Ulster University has identified 22 ransomware attacks since June 2015. Systems used by individuals were affected on 18 occasions and in four instances the cyber attack affected the networked file shares used by a university department.
The university said data was normally restored through a backup service and on no occasion was ransom paid in return for the release of data.
8. At least 28 NHS trusts hit with ransoms for patient data[11]
A freedom of information request revealed that 47% of NHS Trusts in England have been hit by ransomware in the past year.
60 trusts responded with 31 withholding information with many citing patient confidentiality. However, 28 confirmed they had been victims of ransomware threats. Only one Trust said they had not been hit in the last year, but that they had been infected in the past.
The NHS’s Lincolnshire and Goole Trust cancelled surgeries and diverted trauma patients after a virus infected its electronic systems in October. The Trust did not say what kind of virus infected its systems, but security experts have concluded that it was probably a ransomware attack.[12]
Datto has become a global expert in defending from ransomware attacks, and has put together a resource on ransomware supporting its new enterprise-class ransomware protection for small and midsized businesses. The solution detects ransomware attacks and alerts administrators immediately, so they can roll back systems to a point in time before the attack happened. The solution shortens downtime giving companies an effective and reliable alternative to paying a ransom.
Three tips to protect your business from ransomware
There are three main elements within a ransomware prevention strategy.
Education
Educate anyone with access to company email, computers, and servers through a cyber security user awareness training program, aimed to educate them about the dangers of social engineering schemes and phishing scams. Teach good security practices about email attachments and stress the importance of diligence.
Antivirus
Antivirus software is the second layer of a sound defense against ransomware. Antivirus protection can prevent thousands of attack attempts per day. In the case that an employee does click a malicious link or downloads a Trojan-containing attachment, antivirus will often save a system from full-blown infection. However, new strains of ransomware are appearing, often at a faster rate than antivirus can protect against them, so eventually, the probability that an infection will succeed is high.
Total Data Protection
The ultimate failsafe in a layered defense strategy against ransomware includes having backup. A data protection solution will automatically take snapshots of your data and systems at regular intervals, and store the data in a secure location. Should ransomware successfully penetrate your layered defenses, you can simply ‘turn back the clock’ to a snapshot of your business before the attack happened. No ransom, no downtime, no problem.
To find out more, visit http://www.datto.com/uk/ransomware
[su_box title=”About Datto” style=”noise” box_color=”#336588″][short_info id=’61267′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.