The CyberEdge 2022 Cyber threat Defence Report revealed that over a 12-month period, ransomware attacks affected 73% of UK organisations.
In this blog, we look at the most commonly asked questions on what ransomware is and the dangers it poses to UK businesses and charities.
What is Ransomware?
A ransomware attack is a type of malicious software designed to block access to a computer system until a sum of money is paid.
How does ransomware work?
Access - Attackers gain access to your network. They establish control and plant malicious encryption software. They may also take copies of your data and threaten to leak it.
Activation - The malware is activated, locking devices and causing the data across the network to be encrypted, meaning you can no longer access it.
Ransom demand - Usually, you will then receive an on-screen notification from the cybercriminal, explaining the ransom and how to make the payment to unlock your computer or regain access to your data.
It is important to try and establish how the attackers gained access to your network in the first place so you can prevent future ransomware attacks.
Why is a Ransomware attack dangerous for my business/charity?
If your business fell victim to a ransomware attack, criminals will threaten to publish your company’s data or perpetually block access to it unless a ransom is paid.
What are the potential impacts of a Ransomware attack?
Ransomware attacks can lead to:
temporary or permanent loss of sensitive or proprietary information,
disruption to regular operations,
financial losses incurred to restore systems and files, and
potential harm to an organisation’s reputation
Who is at risk of a ransomware attack?
Anyone with a computer connected to the internet is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities.
How can I tell if I’ve been a victim of a ransomware attack?
Check your online accounts to see if there's been any unauthorised activity. Things to look out for include:
· being unable to log into your accounts
· changes to your security settings
· messages or notifications sent from your account that you don't recognise
· logins or attempted logins from strange locations or at unusual times
· unauthorised money transfers or purchases from your online accounts
What can I do to protect my business/charity from ransomware attacks?
Here are 6 tips that are recommended by The South East Cyber Resilience Centre to help you protect your company against a ransomware attack:
Always back up your data, as restoring your files from a backup is the quickest way to regain access to your data.
Never click on unverified links, especially when they are from sources or senders that you don’t recognise.
Regularly scan your emails and systems for malware
Only download files from trusted sites
Use a VPN when using public Wi-Fi.
Do not use unfamiliar USB devices.
Download and print our new infographic - 6 steps to help prevent a ransomware attack and display this in your workplace, email to your employees or include in your newsletter.
How a business or charity responds and recovers from a ransomware attack will hugely affect the impact of the attack. The National Cyber Security Centre has a number of resources designed to help respond and recover, we recommend you take a look at the following:
How to recover an infected device – Advice for those concerned if a device has been infected https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take
Recovering a hacked account – A step-by-step guide to recovering online accounts https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
Backing up your data – How to make sure you can recover your important photos, documents and other personal data https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/always-back-up-your-most-important-data
How can The South East Cyber Resilience Centre help my business?
To help outsmart cyber criminals and toughen up their cyber security, The South East Cyber Resilience Centre (SECRC), has been established to provide businesses and organisations, with an affordable way to access cyber security services and consultancy to help improve cyber resilience.
Businesses and charities in the South East can sign up for free Core Membership online and receive a welcome pack full of practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection. Through your membership, you will also get regular updates on new threats, designed to help you stay safer.
Sign up via http://www.secrc.police.uk