Ransomware Attacks: what cost?
February 2020 by Colin Tankard, Managing Director, Digital Pathways
Ransomware is a form of malware that denies access to a victim's system and data, only releasing it once a ransom of some kind is paid. Some such attacks can be reversed quite easily, whilst other, more advanced threats make use of cryptoviral extortion, which encrypts files and leaves them inaccessible until a ransom has been paid to decrypt them.
(c) Boguslaw Mazur
There is nothing new about this form of hack; we have seen many such instances. However, none has illustrated just how devastating the effects of a serious ransomware attack can be better than that of Travelex, the foreign exchange company.
Travelex realised it had been the victim of a ransomware attack on New Year's Eve, 2019, and turned off its computer systems in offices and currency shops across Europe, Asia and the US to prevent further damage. Its website went down too, across some 30 countries, and its cashiers had to return to using pen and paper.
Not only was Travelex hit, but so were all of the other businesses that relied on its services: big names such as Lloyds, Barclays, Royal Bank of Scotland, Sainsbury’s and Tesco, all of whom used the company for their foreign notes and therefore also suffered disruption. And give a thought to all of the people who suddenly had no access to foreign currency, wherever they were in the world.
The hackers, reputed to be Sodinokibi or REvil, were demanding some £4.6 million for the return of data. Fortunately, it seems that there is no evidence that customer data has been compromised. It is the advice of law enforcement agencies that you should not give in to the extortion attempt, and certainly the Travelex situation is being investigated by the authorities.
Ransomware attacks most commonly take hold through email attachments, web drive-by infections and tainted links in emails.
The onus is therefore on organisations to step up their awareness of the dangers of phishing emails and to teach their employees about the threats that emails can carry.
The backing up of important files and documents is essential. However, the backup should be stored in a separate place, since many strains of ransomware aim to move laterally to find further data to encrypt, such as that held on file shares or other parts of the network. Once a backup is made, it is imperative that it is checked to ensure that it is recoverable.
Another precaution is to tie down access controls so that a user can only access data that they really need to. Privileged accounts should be carefully managed and no one should be given excessive privileges. Use the principle of least privilege. User activity monitoring and alerting will help to weed out risky behaviour, and will potentially help to stop unwanted user actions. This will also help to identify users engaging in the riskiest behaviour so that they can be singled out for extra attention before the business is put at risk.
If the worst happens, remember that organisations must notify the ICO within 72 hours of becoming aware of a personal data breach unless it does not pose a risk to people’s rights and freedoms. Under the General Data Protection Regulation, a company that fails to comply can face a maximum fine of 4% of its global turnover.
Falling victim to such an attack is not only potentially financially devastating; it can also severely damage reputation and market share and, in the very worst of cases, lead to business failure.
Every organisation should ensure that its cyber security strategies are robust, that employees are correctly trained and that every reasonable precaution is in place to thwart such attacks.
According to the Travelex UK website, as of January 30, 2020, their customer-facing website has been recovered for UK customers. However, it seems that the worldwide site remains down.