Your data is at stake: How do you protect against, and recover from, a ransomware attack?

The crippling effect the recent ransomware attacks have had on the NHS highlights the vulnerability of many public services.

Imagine you were about to present next year’s budget report that was urgently due on your finance director’s desk, only to find that you couldn’t access it? How would you feel if this happened to every file you had on your computer? That signed supplier contract, social care files, or a patient record – inaccessible.

This scenario became real for doctors and nurses on 12th May as NHS England, and numerous organisations across the globe, were hit by a ransomware attack which impacted multiple hospitals and in turn patients. This scenario is not isolated and it’s sadly not the first. Those affected by cyber-attacks are estimated to have forked out £780 million in 2016 up from £18.7 million in 2015 – a staggering increase of over 4000 percent.

What was witnessed last week was a common hacker scam; a cyber-attack that is carried out by spreading ‘ransomware’. Often delivered via email, the message tricks the recipient into opening attachments and releasing malware onto their system in a technique known as phishing.

If a device gets infected with ransomware, the virus will seek to encrypt all available files, preventing a user from accessing any documents. A pop-up message usually appears asking for an encryption key to unlock the files. It then demands payment in bitcoin in order to regain access.

Getting an encryption key will typically cost a user any number of bitcoins, one of which is worth more than an ounce of gold. However, higher ransoms are not uncommon, with 20% of British companies being charged over £7,500, and 3% charged over £35,000.

Security experts warn there is no guarantee that access will be granted after payment. Some hackers up the stakes after a few days, demanding more money and threatening to delete files altogether.

Equally disconcerting, if the encryption key is entered incorrectly too many times or the users attempt to decrypt the files themselves, the ransomware will permanently delete the data.

Even if the files are recovered the organisation may be required to report the data breach to the Information Commissioners Office (ICO). From 25th May 2018, the ICO will apply significantly heavier fines for such breaches under the new General Data Protection Regulation (GDPR). 

Aside from ransoms and fines, the impact on the operational side of a business affected by a cyber-attack is in many ways immeasurable. Barts Health Trust, the largest NHS trust in England, has already been hit by a ransomware attack in the last six months. Although the ransom wasn’t paid, 2,800 appointments had to be cancelled due to the attack.

The reputational damage organisations receive from data breaches can be felt long after normal service has resumed, with 57% of the public saying they would consider stopping using a service after hearing news of a data breach. That becomes very difficult if you are a hospital.

Are companies doing enough to protect themselves? Up to date anti-virus and patching are crucial and essential lines of defence, but together they aren’t a silver bullet. When they fail, these five basic tips could reduce the risk of falling victim to ransomware:

  1. Backup your files regularly and safely
  2. Restrict admin rights
  3. Only use macros in trusted documents
  4. Remove or upgrade outdated plugins and add-ons from your browser
  5. Beware of spam or suspicious emails

To find out more about how Agilisys can help your organisation protect itself, get in touch.