Ransomware is the biggest online threat that British businesses face, according to Lindy Cameron, the head of the UK’s cybersecurity wing of the GCHQ. That statement is a long overdue acknowledgement of what many UK businesses already know – that they are increasingly being targeted by sophisticated foreign hackers with the ability to shut down their computer systems until payment is made.
Most of the targets are small businesses such as hairdressers, realtors and stores, who have limited internet knowledge and struggle to protect themselves. In most of these cases, the ransom is paid quietly and services are restored.
But there is a push right now to make the payment of ransoms illegal, in the hope that this will stem the tide of ransoms being demanded. The new study, which was ‘commissioned to support the launch of a cyber campaign collective dubbed #Ransomware, claims that 81% of security pros believe sharing information about ransomware is the key to building better defences”, according to an article in Computer Weekly.
One of the biggest problems to confront is the issue of shame around ransomware. Many victims feel like they made a silly mistake with a phishing email or did something else wrong that put them in harm’s way. They don’t want to admit it, and they don’t want their clients to know, so they would rather just pay the ransom and forget the whole thing ever happened.
Many of the gangs and syndicates behind this wave of ransomware attacks are based in Russia and the former Soviet republics where the authorities are turning a blind eye to activities as they generate millions, often using cryptocurrencies to hide the flow of money.
In her remarks, Cameron noted that the market for ransomware had become increasingly “professional” as hackers profited “from large businesses who cannot afford to lose their data … or to suffer the down time”. Unfortunately, they are easy targets who are desperate to have their services restored.
There is some good news on the horizon. President Joe Biden announced recently that the ransom that was paid in Bitcoin after the Colonial Oil pipeline hack has been recovered, and he sent a clear message to President Putin that the US is poised to strike back if Russia doesn’t do something about this.
And closer to home, the #Ransomware coalition is urging businesses to stand together to combat the threat.
“We need to band together with peers in our industries to look at ways of taking a collective response against ransomware attacks,” said RISCS director Madeline Carr. “Imagine if every law firm, university or utilities provider stood together and publicly stated, we will not pay ransoms. Cyber criminals will follow the money, what we need to do is cut them off at the source.”
It’s very encouraging that the world is starting to take these attacks seriously. But there is, as yet, no clear end in sight. Right now, the best thing you can do is to shore up your cyber defenses and stay smart with your data. That means good password protection, two factor authentication, company wide knowledge about phishing attacks and responsible storage of data. That should be enough for you to escape the unwanted attentions of hackers who will simply carry on searching for easier targets.
If you would like an honest appraisal of the state of your cybersecurity, please get in touch with 2-SEC today. No matter how big or small your company is, we can offer solutions that take the fear away and deliver a robust defence of your critical online assets.