Page 79 - Cyber Warnings
P. 79
Who does this effect?
I have seen and heard of many stories were databases have been hit by ransomware. This
includes payroll systems, client databases, supplier databases or even whole business file
servers that hold client confidential documents.
The big question that sits on most entrepreneurs and Chief executives tongue is “Will I go out of
business?” I have personally seen ransomware asking for 500 USD per file to be unlocked.
Popular ransomware Cryptowall, cost the US alone 18 million pounds. This particular
ransomware demanded 200 – 10,000 USD. Cryptolocker has been documented to have made
30 million USD within 100 days. Although these statics are written according to the US, You
must note:
● The UK is still in the top 10 countries hit by ransomware.
● Around 48% of users in the UK hit by ransomware will pay the ransom
● The UK is one of the countries that get hit by higher ransoms.
● Just under 55% of all spam emails in the UK now have some form of
ransomware/Malware attached within it.
● Ransomware attacks in the UK are growing as one of the most popular methods to
attack organisations
● Businesses with over 10 employees are the most common targets
The above points make it clear that black hat hackers are interested in the easy and quick cash
in option. Ransomware is now on the rise as the most popular and profitable method of attack.
Staying Safe
Most businesses do not have a strategic solution for recovery from an attack. Most attacks that
lead to a system being comprised, have at least 2 days down time and lock at least 72% of
employees out of their data for that period.
First we should cover the obvious points of preventing your system from being a target.
Configuring spam filters and email virus scanners will help reduce the chances of being
infected by ransomware, as most ransomware is delivered through an infected email.
IT Security Policy & Privileges, users should be prevented from plugging in removable
storage. This includes their mobile phones, USB drives and other devices, in case their device
is infected with ransomware. Users should not be granted more privileges than needed on each
system. Should ransomware use their account, then the damage would be limited to only files
they have access to.
User Training is important to make employees aware of different types of attacks. Maybe even
looking up and sharing a case study with employees would help them to better understand and
evaluate the risk.
79 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
