7 minute read
Ransomware attacks
Ransomware attacks
Aivaras Vencevicius sets out the dangers posed by ransomware attacks and what you can do to protect your financial data.
The prevalence of ransomware attacks is on the rise, and major companies like Reddit, SpiceJet, Ferrari, Acer and Kia Motors have fallen victim to these attacks. Even Royal Mail suffered a crippling ransomware attack earlier this year. It is often assumed that only large, highly profitable companies or public institutions are targets of these types of threats, but this is a misconception. The truth is that small and medium-sized businesses are equally at risk, as demonstrated by a recent NordLocker study, which found that companies with 11-50 employees and those with 51-200 employees were the most commonly impacted by ransomware in the 2020 to 2022 period.
Ransomware and consequences
Ransomware is a type of malware that encrypts a company’s data and demands a ransom, usually in cryptocurrency, in exchange for the decryption key needed to restore access to the files. Cybercriminals have become increasingly sophisticated in their tactics, often using social engineering techniques to trick victims into opening infected files or clicking on malicious links. They may also use advanced hacking techniques to gain access to an entire network, infecting multiple systems at once. Once the ransomware has infiltrated a system, it begins encrypting files, rendering them inaccessible to users.
It is important to understand that all businesses, regardless of size, industry, location, number of employees or income, are at risk of ransomware attacks. An encryption company’s NordLocker study found that financial companies became the second most affected industry by ransomware attacks in 2022. Therefore, it is crucial that businesses take proactive measures to protect themselves against these threats, such as implementing strong cybersecurity protocols and training employees to identify and avoid potential threats.
‘It would be a mistake to think that hackers put a lot of effort into finding a catch. It is important to realise that we are all just a string of numbers on the internet, and that is how actors see us, by our IP address. Whether a company has billions in profits or is just a one-employee, small company, everyone is vulnerable to ransomware attacks,’ says Aivaras Vencevicius, head of product for NordLocker.
The consequences of a ransomware attack can be severe, including reputational damage, financial losses and the exposure of sensitive data. While paying the ransom may seem like a quick solution, it only encourages further attacks. However, many companies opt to pay the ransom after assessing the potential damage to their business.
Ransomware in the finance sector
Research by NordLocker has revealed that the financial sector experienced a significant increase in ransomware attacks last year. With 120 incidents in total, the sector was ranked as the second most targeted industry worldwide in 2022. This represents a considerable rise from 2021 when only 4.8% of all ransomware attacks were directed at the financial sector. In 2022, the financial industry’s vulnerability increased by 0.8%, with these organisations being targeted in 5.6% of all recorded ransomware attacks.
While the manufacturing, construction and transportation sectors have traditionally been the most frequently targeted industries for ransomware attacks, last year saw a shift in focus toward the financial sector. This change highlights how cybercriminals are adapting their tactics and emphasise the critical role of implementing robust cybersecurity strategies to address emerging threats in the finance sector.
‘This change may suggest that threat actors concentrate their efforts on specific regions or industries. We’ve noticed that finance companies have become increasingly worried about their cybersecurity. Companies are noticing an increase in cyberattacks in this sector,’ says Aivaras Vencevičius, head of product for NordLocker.
What should you do if you’re a victim of a ransomware attack?
In the event of a ransomware attack, it’s likely that the damage has already been inflicted and your data compromised. However, there are still crucial steps to follow.
Initially, it’s vital to document key information about the incident. Nevertheless, it’s equally important to seek advice from an expert to understand what factors need consideration.
Following this, it’s urgent to deactivate all devices immediately. Ransomware can proliferate through networks, so it’s advisable to disconnect any other devices on the same network, prioritising those that are most critical to you. These often include network-attached storage (NAS) devices, servers, computers, phones, tablets and any other devices housing valuable data.
Lastly, but certainly not least, update your passwords – particularly for crucial accounts such as cloud storage, email, banking and business accounts.
However, keep in mind that once a ransomware attack has taken place, it’s typically too late to safeguard your data. Thus, the most significant action is to anticipate such events and begin fortifying your company’s cyber security today.
How can you ensure safety?
Global experts agree that ransomware attacks are likely to escalate and become more intricate. However, the silver lining is that defenses against such threats are also advancing. Despite the daunting nature of these threats, it’s crucial for financial institutions, accounting firms and all businesses to understand that they have a plethora of solutions available to help safeguard their company and customer data.
With the appropriate cybersecurity tools, businesses can securely store, share and manage even the most sensitive information without requiring specialised knowledge in this area. The threats may evolve to be more complex, but the security tools will also advance accordingly.
The key point here is that every financial institution – regardless of its size, location, client base or volume of daily document processing –needs to take action now and start enhancing its data security before it’s too late and company data becomes exposed. The success of a company’s business operations hinges on this.
The best actions to start with when implementing practices to protect businesses from ransomware are as follows:
Statistics
● Over the last two years, the infamous LockBit ransomware gang, linked to Russia, was responsible for the majority of attacks against the financial sector.
● In 2022, US-based companies suffered the most attacks, with 58 incidents reported. The UK followed with seven attacks, followed by Canada and Germany with four.
● April 2022 saw the highest number of attacks on financial companies, with 19 incidents reported.
● Ransomware groups do not differentiate by company size or profit. Over the last two years, the targets have been companies with 11-50 employees (66 attacks), companies with 51-200 employees (47 attacks) and companies with less than ten employees (26 attacks).
● Cybercriminals have also targeted companies with profits of $10-25 million (28 attacks), $1-5 million (11 attacks) and less than $1 million (8 attacks).
The data illustrates that the scale of a company or its earnings are inconsequential when it comes to ransomware attacks, and even the nation doesn’t play a significant role. Last year saw ransomware attacks impacting 91 countries globally, with the UK being responsible for 6% of the total global onslaught. This represents a substantial surge of 2% in comparison to 2021. Given the thousands of businesses impacted by such attacks, the UK is at the forefront.
● Encourage employees to practise proper file hygiene, encryption and backups: File hygiene and backups can’t stop cyberattacks, but they give the company leverage. Even if a company becomes a target of ransomware, the ability to restore data immediately will guarantee business continuity. If the company keeps files encrypted, the information will be unreadable to hackers.
● Encourage cybersecurity training: Investing in your employees’ knowledge is the most costeffective way to protect your organisation from ransomware because 82% of cyberattacks happen due to human error. Training should be organised regularly and include every employee.
● Keep software up to date: Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilising outdated software. Ensure that everyone understands the importance of keeping software up to date.
● Adopt zero-trust network access: This means that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.
Businesses globally have begun prioritising their cybersecurity – a move that proves to be costeffective and efficient. This is particularly critical for financial companies, which stand to lose more than just money. They risk losing data, productivity and, most importantly, their reputation. Thankfully, managing cybersecurity has become more straightforward than ever before.
For further information, see ‘A quick guide to data security’ at tinyurl.com/45hjbhas