Ransomware attacks against Irish businesses on the rise

Irish small to medium sized businesses (SME’s) have been advised to stay on alert for cyber attacks as ransomware attacks increase.

In a letter sent to Ibec’s Small Firms Association by the National Cyber Security Centre (NCSN) and the Garda National Cyber Crime Bureau (GNCCB) they have warned of “a trend of small and medium-sized businesses being increasingly targeted by ransomware groups”.

In the past, these groups typically focussed on larger organisations. However, they noted that "recently there have been several smaller Irish businesses impacted by ransomware".

Speaking on the increase in attacks on SMEs, Director of the NCSC Richard Browne stated that, "We have been dealing with the threat of ransomware for some time; however, we have seen a noticeable change in the tactics of criminal ransomware groups, whereby rather than largely focussing on Governments, critical infrastructure and big business, they are increasingly targeting smaller businesses. This is a trend that has been observed globally, and Ireland is no exception with several businesses becoming victims of these groups in the past number of weeks."

What is ransomware?

A ransomware attack is malware designed to deny an organisation access to files on a computer or its networks. By encrypting these files, malicious actors will demand a ransom in exchange for a decryption key that will allow them to access the encrypted files.

Often ransomware gangs also threaten to leak sensitive stolen data if a ransom is not paid.

Ransomware payments

Both cyber authorities have cautioned ransomware victims against paying ransom to cybercriminals saying that they do not"encourage, endorse nor condone the payment of ransoms".

Detective Chief Superintendent Paul Cleary, Head of Bureau at the GNCCB, stated that, "There is no guarantee that paying a ransom will lead to your data being successfully being decrypted or prevent the data from being leaked online. In fact, it may lead to your organisation being targeted again, with some research showing that up to 80% of organisations that pay are attacked again."

"Reporting incidents allows us to fully investigate these cyber-crimes and helps us to identify trends and methods used by attackers so we can provide cyber safety and network protection advice to the public and the corporate sector".

How to protect from ransomware

When it comes to defending against ransomware attacks, as with any cybersecurity attack, there are two sides of the coin; the threat of attack and the defence against those attacks. One cannot exist without the other.

The greatest threat to any business is a cybersecurity breach and having a good defence plan will help keep your business safe from these breaches.

When building a plan to defend against attacks, your plan should include the following:

1. Have a backup system in place

Data loss through ransomware attacks can cause massive problems for businesses. Trying to get back the vital lost information can be an expensive and time consuming exercise, and in a majority of cases, information recovery is highly unlikely.

While there are preventative steps businesses can take, the best way to protect from data loss is having a robust back-up system in place.

The backups should be regularly tested and updated. That way, you will:

• Have the latest up-to-date information
• Know the the back-up created is working
• Be able to recover your data and restore the data quickly and efficiently in the event of a disaster.

2. Keep your software updated

Keeping your software updated is an important factor in security. Hackers are always on the lookout for unpatched computers and devices to exploit. It's essential to keep the software you use in your business up-to-date in order to protect yourself from cybersecurity attacks.

This includes updating any core system components such as applications and operating systems.

3. Remove default user accounts

It's not uncommon for servers, network devices and software applications to come with default user accounts and passwords applied to administrative accounts. These credentials can be easily found on the internet which can be a significant security risk because a malicious actor can then easily gain access to potentially sensitive data.

As such, the best way to mitigate this type of risk is to either remove or disable these accounts and set up similar accounts with usernames and passwords that will not be easily guessable.

4. Develop policies and procedures

Create an incident response plan so your team knows what to do during a ransomware attack.The plan should include defined roles and communications to be shared during an attack.

When creating policies and procedures for your business, clear and specific rules should be outlined for your employees. These will help in guiding your workforce through situations they may encounter such as what to do in the event of receiving a phishing email or how to report a cybersecurity incident.

Your policies and procedures are also a platform to demonstrate your businesses approach to cybersecurity and will assist you in building the foundations of a strong culture of cybersecurity throughout every aspect of your business.

5. Train your employees

Humans are the weakest factor in a businesses cybersecurity efforts. According to a recent report by IBM, 95% of all breaches were due to human error.

Employees whether working remotely, or in the office can make mistakes that could potentially put your business at risk.

Educating your employees is key to ensuring your SME is protected from a cybersecurity attack. To be effective, training must be consistent, engaging and give the remote workforce real life examples of what to look out for.

Training should include specific rules for email, web browsing and social networks. Businesses should also include training on social engineering attacks such as phishing, password vulnerabilities, router hardening and protecting work devices while working remotely.

Your employees should also be encouraged to report suspicious signs immediately. Even if it turns out to be a false alarm, it might still be beneficial to the employee by clearing up errors in their device that hamper productivity.

How can we assist in keeping your business secure

Identifying cyber security vulnerabilities without the input of an expert can be a difficult task.

At Secora Consulting, our experts provide a range of services that can help you to assess the security of your organisation.

• Our cyber security assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may make you vulnerable to the most common cyber-attacks.
• Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems.
• If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.

If you have any questions regarding ransomware or are unsure if the steps you are taking to help keep your organisation secure are working. Get in touch!