Birmingham 0121 647 6565
London 0207 871 9995
Email info@cygnia.co.uk
0121 647 6565 Birmingham
0207 871 9995 London
info@cygnia.co.uk

Ransomware

Over the last few years Ransomware has become one of the most reported and feared Malware variants around. Traditionally, this form of attack denies you access to you data, either by encrypting it, deleting certain folders or bringing up a lock screen. The ultimate aim is to extort money from victims by forcing them to buy back access to their files.

This form of cyber attack is particularly troubling as it delivers a “double hit” to companies because they have to deal with the clean-up of the Malware incident and pay a ransom if they wish to recover the data. This means there is a more tangible cost to the outbreak than with traditional Malware and it is more than possible that after paying the ransom, you still won’t get your data back.

Phishing emails, the main delivery mechanism of Ransomware are designed to fool users in to clicking links that install the payload, this is done by sending out fake emails that mimic real emails, they may appear to be from a legitimate source. A few years ago the authenticity of these were more obvious, with fakes easier to spot, but the financial rewards have made the design and sophistication of these emails more convincing and increased their effectiveness of delivering the payload.

 

Statistics at a Glance

UK companies hit by Ransomware

54%

Companies forced to pay the ransom

58%

Ransom demanded more than £10,000

22%

Companies who can defend against it

21%

*Osterman Research, Inc. & Malwarebytes (2016) ‘Understanding the Depth of the Ransomware Problem in the United Kingdom’ : Osterman Research Survey Report


+   Keep an Up-to-Date Back Up

Being able to restore to an earlier version is a key defence against a Ransomware strike. Having users back up their data to the network and having the network backed up offline can ensure that the majority of a user’s files are not lost. It may be wise to have a number of historical backups so that if the Ransomware was a timed payload it is not reinstalled as part of the remediation.


+   User Awareness

One of the key methods in the fight against Ransomware is user awareness and vigilance. Regular user security training can prevent a large number of infections, as well as warning the users of new delivery techniques and scams that are in use. There may be attacks tailored to certain points in the year, (E.g. an online retail event), current news updates or phishing attacks that target employees who are new to the organisation. There are online security services that can test employee’s vulnerability to being hit by Phishing attacks, which will increase their suspicion towards unexpected emails and lower their susceptibility to a successful attack.


+   Privileged Access Management

Locking down a user to what they can do and access on their desktops and the network helps to dramatically reduce the affect that Ransomware can have. If the attack hits a staff member who only has access to a small number of files, the attack has less chance and ability to escalate than if it strikes someone with administrator rights and full access to their system.


+   Check for Vulnerabilities

Most Ransomware attacks rely on existing vulnerabilities and are not targeted “Zero Day” attacks. That said, with every new strain of Ransomware there is a first wave that has not been seen, making those infected early on more at risk. Keeping operating systems patched and anti-virus up to date is a key way to help protect networks and end points.


+   Look at Advanced Security Options

There are many advanced cyber solutions on the market that provide new ways of handling suspicious code and packages. These new solutions can be both gateway and endpoint based with many including “Sandboxing” technologies that look to replicate what the code is doing in a virtual environment and make assessments to its trustworthiness. Other solutions remove unnecessary parts of the code, possibly in conjunction with the sandbox. As mentioned, reducing a user’s privileges can help stop the escalation and solutions that provide a lock down on this are also helpful in the fight against Ransomware.


+   Paying Up

Paying the ransom is always an option for the victim and may be the only way to retrieve important files that are not backed up. Although with many businesses, repeat custom is easier than finding new and it is likely the attacker will return to claim another ransom once they know the victim pays up. So ensuring added or up to date security is applied quickly becomes essential.


Ransomware is likely to be around for the immediate future, with more twists and variants arriving, adding to the huge list of Malware nasties in existence. If you wish to know more about the threats and how to protect yourself, Cygnia Technologies can help.

 

 

We knew the technology could do the job and was reasonably priced. What won us over was how helpful Varonis and Cygnia were. They were really keen to help set up a demo, and were able to move quickly to get us up and working in a matter of days.

Karl Kroger – Data and Security Administrator, Ipswich Hospital NHS Trust

Having worked with Cygnia for a number of years, we trust them to advise on our security infrastructure. Their recommendations on defending against cyber attacks is critical to our business. We are already seeing the benefits of this new technology and could not be happier with the implementation process.

Paul Stern – IT Network and Security Manager, Arriva Trains

Network security is imperative to C24, it is one of the defining areas of our business. The expertise of Cygnia around this area provides us with comfort, and in turn has allowed us to reassure our customers that their security is covered. We have also come to recognise that the service provided by Cygnia is, in our opinion one of the best in the industry.

Paul Hemming – Managing Director, C24

Implementing a Direct Access solution has made remote working much simpler for council employees; this has seen double the amount of people using the service. As a result the authority will save money by being able to consolidate its property portfolio and staff have benefited from greater flexibility in their work arrangements.

Gavin Booth – Telecoms Service Manager, North Yorkshire County Council

Cygnia’s Managed Firewall Solution has provided us with a great service. Our security is taken care of by experts, so we can focus on running the business.

Infrastructure Manager, DP World London

Cygnia have provided excellent consultancy services and have always responded quickly to support queries and issues.

Pam Rowley, Infrastructure Planning Manager, Staffordshire County Council

If you are looking for a proactive partner to advise you on the latest security vectors and help you get the most out of your Check Point investment I can certainly recommend Cygnia. Their Account Managers, Technical Consultants and Support Team have all been first class.

David Moore – Head of IT, Chiltern Railways