One of the biggest threats to SMEs: Ransomware!

By Dr Thomas Martin, Senior Lecturer in the School of Computing, Mathematics and Digital Technology, MMU


The threat landscape is wide and varied and has been for some time.

However, the picture painted by recent stories in the news is one of a single shadow looming over every organisation: ransomware. Ransomware attacks garner much of the media attention, and while the number of attacks is relatively small, the potential impact is serious.

A single incident can cripple a whole organisation, causing loss of business, damage to reputation, and potentially even causing the business to fold.

Ransomware operators are well resourced, expertly trained, and highly motivated. The larger organisations with the deeper pockets are the primary targets, but no-one can be considered completely safe.

There have been variations in the strategies that ransomware operators have used, with many of them specifically designed to put pressure on victims to pay.

We have seen ransomware being coupled with data exfiltration, and if the decryption key is not enough to encourage the victim to pay then they are further threatened with having their data released.

A ransomware attack can be combined with a DDoS attack.

Any company will find recovering from a ransomware attack difficult under normal circumstances, but when combined with outages of vital servers it may become impossible.

Where large amounts of customer/client data have been obtained, some ransomware groups have started to contact the individuals affected, seeking smaller payments from each of them.

The problem with ransomware is that in the present climate it is highly profitable for those with the ability and no concern for who gets hurt.

They are not invincible, and there have been several success stories of ransomware networks being taken down.

However, they cause a lot of harm before they are taken down, and for every one that disappears, several more pop up to take its place.

One consolation is that methods that help defend against ransomware are more general than specific.

They are not niche solutions that only solve a specific problem but are more in line with general good security hygiene:

1. User awareness is vital. Phishing emails are one of the most common attack vectors for ransomware, and while technical solutions can help block or flag some of these, they will not catch all of them. Making sure that users know what is legitimate and what looks suspect, and what to do when unsure, can help stop a lot of attacks before they start.

2. Upgrade and update. Besides the social engineering, many attacks will exploit software vulnerabilities. These can occasionally be zero-days, problems that are being exploited where no patch exists, but very often these are problems that have been discovered, understood, and had patches made available. Keeping all systems at the most recent patch level can close a lot of exploitable issues.

3. Backups (preferably ones that cannot be, or are unlikely to be, encrypted by ransomware). Backups protect against any number of disruptions beyond ransomware, such as physical damage, accidental erasure, sabotage, etc. However, they are only as good as the degree to which they are up to date and the speed at which they can be restored.

Looking at the recent broader attack patterns, it is clear that these few steps can help protect organisations of any size against common threats.

Ransomware and other cyber-attacks are going to be problems we will have to deal with for the foreseeable future, but they are risks that ultimately can be managed.