Ransomware, Phishing and other Malware

Ransomware and SMEs

REvil, Wizard Spider, Grief, Ragnar: they sound like they should be in a Marvel comic.  But there’s nothing funny about these guys.  Operating in countries that do not cooperate with international law agencies, and not caring who they attack, including health care organisations, ransomware gangs are on the increase.

Ransom money in the millions has been paid by some very respectable companies, in order to recover access to their data and keep their companies going.  A quick trawl of the internet produces results that show how diverse ransomware targets are.  Whilst the largest target area appears to be the US, the UK targets have included Amey, Hackney Council, Wentworth Golf and Country Club, Scottish Environment Protection Agency, UK Research and Innovation and last month, Serco.  (Source: Blackfrog.)

The way it works remains relatively the same, regardless of the method used.  Criminal gangs hack into connected IT systems, lock access to them, and then sell a decryption key in exchange for payment in bitcoin.  They have targeted schools, hospitals (you may remember the well reported attack on the NHS a couple of years ago), councils, airports, government bodies (local and central) and insurance companies; this list is far from exhaustive.

Anyone who is connected to the internet is vulnerable to a ransomware attack.  An emerging sweet spot, though, is mid-sized companies that generate enough revenue to make them a target, but aren’t yet large enough to have dedicated cybersecurity resources on board.

Make no mistake, these hackers operate as organised gangs who compartmentalise themselves into specialties.  Some specialise in identifying compromised systems and gaining access, whilst others handle the ransom negotiations.  It is not uncommon for an investigation to see cryptocurrency transferred into many different cyberwallets.  These gangs have a ‘signature’ which is often recognizable.  REvil and Pysa have flair whilst Ryuk are somewhat robotic in their approach.

A worrying trend is that recently, these gangs have pivoted into extorting individuals.  If victims don’t pay, their data is dumped online, or sold on the dark web to the highest bidder, and of course, there is no way of ensuring that the data isn’t sold anyway, regardless of the victim paying up.

Of course, most people don’t have incriminating or embarrassing data on their private systems, but some do, particularly important people in the public eye for whom data release can be at least damaging, if not crippling.  According to a report from cybersecurity software firm Bitdefender, attacks increased by 485% in 2020 alone. “It’s taken off since Covid because we have more people working from home,” says Sophia, a crisis communications expert who specialises in advising companies who have been targeted by ransomware hackers. Poorly secured remote access logins are a common route in. “More of a digital environment leads to more points of entry for the attackers,” she says. “The last year and a half has been a whole new ballgame.”

So, if you are running a medium size business, or perhaps running a local organisation using your own home systems where you have personal data belonging to others which you are obliged to protect under the DPA2018/GDPR, then you are a target and you need to take some precautions against an attack of this nature.  If you want to know more please don’t hesitate to contact us for a chat.  We specialise in looking after SMEs and understand your challenges.

A little bit more about Phishing protection and awareness

Think phishing is old news? You won’t believe why it’s still the number one nightmare for CEOs and business owners. Ever find it odd that phishing, an old trick in the cyberbook, keeps CEOs awake at night? Guess what, it’s not budging from that top spot.

Here’s the deal: cyber villains always stay ahead. If you develop a shield, they craft a spear. They’re all out to make your employees act impulsively, falling into traps on all communication fronts.

Ever thought about arming your business against phishing, without the tech jargon? Let’s discuss uncomplicated, everyday measures to secure your digital turf.

  1. Training: Educating your team about phishing scams is the first step. A well-informed team can spot such scams.
  2. Double-checking: Emails from ‘official’ sources often aren’t. Encourage your team to verify before replying.
  3. Regular updates: Keep your systems and software updated; updates often include security enhancements.

Phishing is a persistent threat, but with the right non-technical measures, your business can uphold security. Ready to fortify your cyber defences? I’m here to help.

Questioning the efficiency of your cyber defence is valid. But to provide any assurance about your training methods we need to monitor and measure.

Explore our Protective Monitoring service. For just a tenner per user, it’s a shockingly affordable way to both test your defences and uplift your team’s cyber consciousness – all under that ten-pound note. Zilch hidden charges, and a 14-day free trial to sweeten the deal.

From simulating phishing to rooting out insider liabilities, and safeguarding email privacy to mobile security – we’ve got you covered with a whopping 28 distinct campaigns. Are you prepared to test your cyber fortitude?

These campaigns won’t help against point number 3, regular updates.  For most, that will mean ensuring that regular updates on desktops, laptops, tablets etc. are switched on and can’t be switched off.  But of course, installing these updates can be a problem, and users regularly try to find ways to delay or cancel them because they find them an irritation.  And you are at the mercy of cloud providers and other suppliers to ensure that their systems are patched fully, and on time.  What if you were running an anti-malware system that made updates and patches not obsolete (that would be nice) but far less urgent, because it stops executable files from running unless you have said they can?  Give us a call to discuss; it really is innovative.

Here’s a challenge for you: Take the right steps to fortify your cyber walls.

I Never Get Tired of Talking About Ransomware

Many of you outside of the legal profession might not have heard of the Ince Group and what happened to it. The 157-year-old law firm collapsed into administration last year following a cyber-attack. To be fair, a much bigger crisis came after it was rescued by a firm that almost no one had heard of. There are many out there much better qualified than me to comment on its legal and accounting problems, so I’ll stick to the cyber-attack.

So, what happened to Ince and is it a story of what can happen, in terms of cyber security, to pretty much anyone?

Things started to go south for Ince following a cyber-attack in March 2022, which was later revealed to have cost the company £5m.  Their share price tumbled, and they struggled to get on top of the crisis.  They went from trading at around 80p per share to around the 5p mark.  Pretty devastating for any company of any size.

What was the nature of the cyber-attack?  Well, Ince did everything they could to stop the exact nature of the attack becoming public, but it appears that it was our old friend ransomware.  In March 2022, Ince was granted an interim injunction to stop hackers from releasing confidential data on the dark web, after the unknown perpetrator threatened to publish the stolen data if the firm did not pay a “substantial ransom”.

Now, I don’t know about the rest of you, but given that the perpetrators are already criminals, and are unknown criminals to boot, I’m a little confused as to how such an injunction could have any tangible effect, except to show perhaps, that Ince were taking this very seriously and were trying to prevent the release of client data.

Of course, this was an attack perpetrated on what was, at that time, a major company, publicly listed, and that supports the impression amongst many, that only such companies are targeted by cyber criminals.  Not so.

According to the NCSC, responsible for cyber security in the UK, ransomware continues to be a clear and present danger to UK companies, both at the Enterprise and SME level.  It has now become the most significant cyber threat facing the UK, with the impact of an attack on critical national infrastructure stated in the UK National Cyber Strategy 2022 as potentially as harmful as state-sponsored espionage. There remains a pervasive opinion within SME management, that ransomware only affects the big companies, that SMEs are just too small to provide a level of reward that cyber criminals are looking for.  I also said that there was evidence that when an SME gets hit, the amount asked for is quite small, from around £500 to £1000, and therefore many SMEs simply pay up.  There is of course a real danger there because often their data has already been stolen, and sometimes the criminal doesn’t release the data back to the company, leaving the SME not only out of pocket, but unable to continue with business.

How much better if you can avoid getting hit in the first place.  Here I list some ways that you could perhaps use to avoid the problem.

  1. Arguably, the biggest and most effective step an SME can take is Cyber Awareness Training for staff. It is simply a fact that 90% of data breaches are caused by human error.  It is very unlikely that an employee will do something deliberately to damage your business.  But humans are fallible and, if they haven’t had any awareness training, they simply don’t know what they shouldn’t be doing.  Cyber security awareness training remains the most significant step you can take in this regard.  You can’t expect your staff to help you avoid cyber security attacks if they don’t know what they are looking for.  Cyber security is NOT an IT issue; it’s very much a business issue, and responsibility lies with everyone in the business.  Clearly this training needs to be part of an overall strategy, which again, need not be complex or onerous.  Most successful strategies follow the KISS principle – Keep It Simple Stupid.
  2. The next reasonably low-cost thing that ties in with Cyber Awareness Training and a security strategy is robust, well thought out policies and procedures, that have been rolled out across the work force and are monitored to ensure they remain relevant and that they are understood by all. Giving an employee the means to check what they should do if they suspect there is something nefarious going on, is simply giving them support, it is not there to catch them out or to use as a stick against them.  Many SMEs don’t have any such policies in place and many others have downloaded specimens from the internet, topped and tailed them and expect them to be enough, which they very rarely are.
  3. Next think about your backup strategy. Even when you are using a cloud-based provider, that doesn’t necessarily mean that your data is secure, although many providers would disagree, at least in their advertising.  How much better to have a strategy whereby your data is backed up overnight to a magnetic media storage point, which can be taken offline and stored in secure storage.  If you do that, then if you are subject to an attack and your data is locked up, you can have some or all workstations wiped and reloaded, and then have data restored from the tape, all of which would not take most SMEs offline for more than a day.  You then have a breathing space to sort everything out in the longer term.
  4. Email remains the top attack vector for many attacks, and this is one of them. There are many products on the market that will tell you that they will block as many malicious emails as possible, and many of these are very good at what they do.  For an SME, it will nearly always come down to a matter of cost, and some of these products are more expensive than others.  Unfortunately, there are still a considerable number of SMEs out there either using the cheapest anti-malware product they could find, or even a free product.  You get what you pay for, and if it’s free, you’ve got a problem.  Any product you choose to use must be mitigating an identified risk.  If a risk hasn’t been properly identified and a product selected that covers that risk off, as well as it can be covered off, then you’ve quite possibly wasted your money.

There is a product on the market from Abatis, which takes a very innovative approach to this.  Quite simply, it blocks any executable not on your whitelist from running.  It takes a free 30 day evaluation for it to profile your network and build a list of executables that are in use daily by users (those that run your applications, email etc.), and it produces that list for human inspection.  Once agreed, that becomes your whitelist.  It’s extremely effective and so far, we haven’t found another product that takes this approach in blocking all forms of malware, including ransomware.
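The profile, review and enforce workflow described above, sketched as an added example (it is not Abatis's code or the author's). It assumes executables are identified by SHA-256 hash, which the page does not state; every path and sample "binary" below is constructed.

```python
import hashlib
from collections import Counter

def digest(content: bytes) -> str:
    """Identify an executable by its SHA-256, not its name or location (assumption)."""
    return hashlib.sha256(content).hexdigest()

def profile(events):
    """Evaluation phase: count launches of each (path, hash) pair."""
    return Counter((path, digest(content)) for path, content in events)

def review_list(observed):
    """The list handed to a human for inspection, most-used executables first."""
    return [(path, h, n) for (path, h), n in observed.most_common()]

def build_allowlist(listing, approved_paths):
    """Only entries the reviewer agreed to become the allowlist."""
    return {h for path, h, _ in listing if path in approved_paths}

def decide(allowlist, content: bytes) -> str:
    """Enforcement phase: default deny, allow only approved hashes."""
    return "allow" if digest(content) in allowlist else "block"

# Constructed sample data: the fake "binaries" are just byte strings.
WORD = b"MZ...word processor build 1"
MAIL = b"MZ...mail client build 7"
ODD = b"MZ...tool someone ran once from Downloads"
EVENTS = (
    [(r"C:\Apps\word.exe", WORD)] * 3
    + [(r"C:\Apps\mail.exe", MAIL)] * 2
    + [(r"C:\Users\sam\Downloads\free-tool.exe", ODD)]
)

def demo():
    listing = review_list(profile(EVENTS))
    # The reviewer approves the two business applications, not the one-off download.
    allow = build_allowlist(listing, {r"C:\Apps\word.exe", r"C:\Apps\mail.exe"})
    return {
        "listed": len(listing),
        "known_app": decide(allow, WORD),
        "rejected_at_review": decide(allow, ODD),
        "never_seen": decide(allow, b"MZ...unknown file from an email attachment"),
        # Approved application whose bytes have changed: the hash no longer matches.
        "tampered_app": decide(allow, WORD + b" patched"),
    }

if __name__ == "__main__":
    print(demo())
```

Keying on the hash rather than the path means a legitimate update to an approved application is also blocked until the list is refreshed, so the list needs an owner.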

The overall message I would like to put across to all SMEs is that you are just as vulnerable as anyone else to this, and many other attacks.  Have you identified your risks?  Have you identified ways to mitigate those risks, enabling you to maximise your defensive spend?  Or have you just bought into an argument that says that you have a firewall and some anti-virus, you’re using a cloud provider and you’re therefore covered?  I’d welcome the opportunity to have that debate with you.

This is about defence in depth, marrying up people, process, and technology to give you the best protection you can afford.
