10th July 2017

Protecting your business from ransomware attacks

Zephyr, the South West Regional Organised Crime Unit (SWROCU), gave an engaging and informative presentation on the Anatomy of a Ransomware Attack as part of the Venturefest Bristol and Bath event series on June 27.

Following a lively debate, the team offered some key take-home points to help businesses better understand cybercrime and avoid being targeted.

The team dealt with four main types of attack:

  • Phishing – emails trying to elicit money and/or security details.
  • Vishing – scam calls trying to do the same as phishing.
  • Smishing – SMS text alerts trying to do the same as phishing and vishing.
  • Impersonation – attackers trying to gain physical access to your business by impersonating someone else.

The subject of phishing was looked at further, with its most common form, ‘spear phishing’, being explained in more detail.

Spear phishing is when the attacker uses a ‘hook’ to get people to ‘bite’. Imagine you are at your child’s sports day when you receive a fake email (which looks genuine) from someone purporting to have been a photographer at that event, and who, for a small fee, can provide some great shots of your child winning their skipping race.

You don’t even look at the address link that you can use to ‘view the photos’ and as soon as you click on it, you’ve infected your computer.

What’s worse is that you might unwittingly send this on to a spouse or family member, and as they think it’s from you, they also open the link and their device is infected with WannaCry or some other malware.

The other way attackers could use spear phishing is by telling you that your business has received a bad review and that they wish to help you keep your reputation. If you use their services you’ll be able to rectify any negative press.

Again, you click on the link contained in the email and you’ve suddenly infected your whole system with ransomware.

Ways to protect yourself from phishing

  • Review your social media settings. Can everyone view your Facebook and LinkedIn accounts?
  • Don’t forward emails you are suspicious about.
  • Check if the e-mail is personalised e.g. a retailer may always use your first name in its emails to you, but this one says ‘Dear Customer’ – if anything looks different don’t open it.
  • Does the subject line look convincing? Perhaps the spelling is irregular or there is a prolific use of capital letters?
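
The checks above, together with looking at where a link really points, can be run automatically over a message. The sketch below is an added example, not something shown by the Zephyr team; the greeting word list, the 60% capitals threshold and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed word list and 60% capitals threshold; tune both for your own mail.
GENERIC = re.compile(r"\bdear\s+(customer|client|user|member|sir|madam)\b", re.I)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def review(raw, first_name):
    """Return the warning signs found in one raw, single-part message."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    if GENERIC.search(body) and first_name.lower() not in body.lower():
        findings.append("generic greeting")
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.6:
        findings.append("subject mostly capitals")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        # Only compare when the visible text itself looks like a web address.
        if URL_LIKE.fullmatch(text) and host_of(text) != host_of(href):
            findings.append(f"link text shows {host_of(text)} but points to {host_of(href)}")
    return findings

# Constructed sample message (not a real e-mail); .example domains are reserved.
SAMPLE = """\
Subject: YOUR CHILD'S SPORTS DAY PHOTOS ARE READY
Content-Type: text/html

<p>Dear Customer,</p><a href="http://gallery.photo-dl.example/view">www.sportsday-pics.example/gallery</a>
"""
```

Calling `review(SAMPLE, "Alex")` reports all three warning signs; a message that greets the recipient by name and whose link text matches its destination returns an empty list.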

It turns out that many SMEs are not adequately protected against ransomware attacks. It can be hard to engage with companies who have been attacked for fear of reputational damage. However, the Zephyr team need that information to be able to further expand their knowledge of what attackers are using to corrupt a business’ IT system.

One example given was of a company that took over 12 months to fully restore their systems and all their files following a cyber attack.

John Atkins, Detective Sergeant at the SWROCU, explained the difficult nature of identifying the key players in these attacks due to the lengths they go to to keep themselves encrypted. It was a surprise to learn that in John’s experience, the people he had arrested or investigated for cybercrimes were all male and aged between 14 and 24 years old.

Part of the role of the SWROCU is working with schools to educate their pupils about the seriousness of cybercrime and how being charged with an offence could affect future job prospects, especially if you want to go on to work in a tech-driven company.

He said: “Part of the problem is that these young men don’t see their actions as crimes. It is often about attention seeking and showing off to their mates but it can seriously damage their prospects when they come to the employment market”.

He went on to say “The other issue is that parents quite often have no idea that their child is brilliant at coding or a similar tech skill and so these lads are sat in bedrooms across the country seemingly being very quiet and well behaved! Hopefully, by going into schools, we can encourage young people to pursue a legal career using their skill sets.”

Malware or ransomware can seriously damage you as a company and may be devastating if you are a new start-up.

The Zephyr team were able to give some great takeaway tips to help minimise your risk of attack.

Top takeaway tips:

  • Spread the word and use what you know to help protect others.
  • If you’ve been affected and infected by ransomware, call the Action Fraud hotline.
  • Use helpful websites such as nomoreransom.org to better inform yourself. The National Cyber Security Unit, part of GCHQ, also has a great website and lots of advice for businesses: https://www.ncsc.gov.uk/about-us
  • Educate staff about the importance of being alert and vigilant.
  • Always have a back-up of your systems and do this often.
  • Have a plan in place in case you are hit by ransomware – ransomware can leap across networks so unplug your devices as soon as you discover you’ve been hit!
  • Control your networks: make sure staff who leave have their accounts shut down, and only allow staff access to the folders they need to do their job.

Further information on the SWROCU can be found by visiting their website: http://www.zephyrswrocu.org.uk/