Ransomware threats remain prevalent within small to medium enterprises, taking multiple forms and requiring organisations to take a more proactive stance to protect key data and intellectual property.

Media reports of ransomware attacks in virtually every industry emerge on almost a daily basis, as ransomware is relatively easy for criminals to deploy and offers the potential for significant rewards. We have seen the disruption and devastation caused by ransomware to organisations such as Toll, which experienced two attacks this year, and Travelex, where an attack forced the foreign exchange company to temporarily shut down thirty websites.

Cybercriminals typically employ two different tactics for ransomware attacks. The first is a very basic strategy, repetitively sending fraudulent emails from fake or compromised accounts with no discernible pattern. The second is a more sophisticated campaign, specifically targeting vulnerable networks or systems.

Unfortunately, with more people working remotely in response to the COVID-19 pandemic, criminals have greater access to vulnerable networks.

In many cases, the majority of company workforces are working remotely and these working conditions often do not have the same level of security protections as when operating in the office. In the rush to implement new remote policies as the Government restrictions tightened, security may have been an afterthought, inadvertently creating increased opportunities for malicious attackers to strike.

In June this year, Emsisoft released its Ransomware Statistics for 2020: Q1 Report, identifying a trend in which ransomware groups no longer plan simply to leak data, but to increase “their blackmailing efforts and threaten to sell stolen data to competitors, use stolen data to attack victims’ business partners, and publicise victims’ ‘dirty secrets’ on the clear web for all to see.” A ransomware attack has grown from being an inconvenience and reputational hit to potentially rendering an organisation irrecoverable.

RSM US also recently completed an analysis of small to medium organisations that have fallen victim to various ransomware attacks, noting that the top three controls most organisations were lacking when defending against a ransomware attack were:

  1. Network segmentation
  2. Restricting and disabling end users’ local admin privileges
  3. Two-factor authentication for email.

Once malicious attackers gain access to an organisation’s network, they attempt to lock areas of the network or files that contain critical organisational data. A message is sent to the organisation detailing the areas that have been encrypted, including a ransom note with the amount necessary to unlock files before they are destroyed. In many cases, organisations choose not to pay the ransom. However, the effort required by organisations to regain access to their files can be both time-consuming and costly.

Ransomware has always represented a concern for organisations, but the threat has escalated in recent years. Stolen data has flooded the underground market and may not have as much value as it had previously. Emsisoft and RSM US’s reports outline how, in a ransomware attack, the criminal is not always concerned with selling stolen data. In some cases, there is a sole focus on collecting a payment for unlocking an organisation’s network or data.

With its relative ease and potential high rewards, the global ransomware threat shows no signs of slowing, with malicious attackers not necessarily targeting a specific size or type of organisation. To combat ransomware, small to medium enterprises must implement a proactive security framework that includes:

  • Increased awareness training throughout the organisation, detailing common attack methods
  • Incident response planning and testing
  • System backups securely segmented
  • Network segmentation
  • Restricting and disabling privileged access
  • Two-factor authentication
  • Patch management programs and monitoring of your vulnerabilities through proactive scans.

HOW CAN RSM HELP?

If you have any questions regarding ransomware attacks, contact your local RSM office.

This article was adapted from an article published on the RSM US website on 14 May 2020.