Ransom notes aren’t written with cut out newspaper letters anymore, but in computer code. Recently, Lincolnshire Council computer security staff worked over the weekend to restore computers and network access after finding themselves the victims of a £1million ransomware demand.They had “no choice” but to shut down everything to reduce the risk of the virus spreading and comply with the demands, according to their CIO Judith Hetherington. The attack was born out of malware from a phishing email opened by an employee. The hackers encrypted and then deleted the files, demanding a £1million in bitcoin in return for the decryption key.
They’ve since been conducting rigorous auditing to ensure all the malware is removed, but this sort of attack happens all the time; organisations are increasingly falling victim and being held hostage, and something needs to be done. Lincolnshire Council’s systems were holding personal data – of residents, council tax payers, children in care, vulnerable adults, etc., and such data needs to be properly protected. The most frustrating thing of all is that its’ loss, along with the loss of that £1million, could have been mitigated had software like WALLIX’s WAB suite been in place. Their suite lets you to protect, monitor and record all your Admin accounts, the accounts most prized and they unlock access to your valuable information. A malicious attack will often seek privileged accounts as they often are the keys to the kingdom.
The Price of Silence
Mid-Atlantic hospital chain MedStar Health also suffered a ransomware attack recently; many of the hospital’s systems were knocked offline and doctors and nurses had to communicate via paper and fax. Such a disruption could prove life-threatening and the data compromised was highly confidential, so of course the hospital paid the ransom. Yet they refuse to divulge how it occurred or was fixed, reportedly to protect said data. The same occurred in February when Hollywood Presbyterian Medical Center in LA suffered a ransomware attack. Often, disclosure only happens when an external company has to fix it, and a recent IBM Security survey of over 700 C-suite executives showed that while 55% favoured more industry collaboration, 68% were reluctant to share incident information outside their own business.
This reluctance to disclose attack details is both disturbing and dangerous, because attacks like these need to be reported and lessons learned; sharing such experiences is how organisations will improve their security posture. Most large businesses are attacked around three times per year but only 15% will be open enough to talk about them. Cyber attackers know that businesses will pay through the nose and want to cover up the ugly details of attacks, so they keep at their tried and tested methods. Hackers definitely share tips and learnings with each other, and now with extensive resources and support networks are even able to function as proper ‘businesses’, employing highly skilled technical staff to work within operating business hours. By not sharing such experiences with our peers, it prevents us from fully realising our potential vulnerability and thwarting future attacks; it leaves us powerless, potential victims in the cyber security debate and sphere.
It’s Only Getting Worse
The thing is, the problem isn’t going to go away, and it’s never going to be safe because hackers and cyber-crime are constantly evolving. Attacks are becoming ever more aggressive and damaging, and they’re not just restricted to Windows platforms anymore; they’ve spread to smartphones, Macs and Linux machines. Symantec report that malware increased at a staggering rate with 430 million new variants discovered in 2015 alone, and they will become smarter and more targeted as they evolve.
So, your business strategy should be evolving in line, to incorporate the best protection against cyber-attacks. Over 500 million personal information records were stolen over the past 12 months, with one leak involving 191 million records. For now, it’s an industry where businesses can get away with not disclosing such ransomware attacks, but as regulations like GDPR on the horizon, non-disclosure in the EU will soon no longer be an option. Don’t be left vulnerable because your data protection software is out of date: WALLIX’s WAB suite means your company always knows who’s looking at and doing what within your systems. It’s also more accurate, thorough, cost-efficient and faster than outdated security setups and allows you to automatically disconnect suspicious Admin sessions.
The Symantec 2016 Internet Security Threat Report warned that cyber-attacks are on the rise (a 35% rise in crypto-ransomware attacks, to be specific), and in the UK more than anywhere else, with up to 2,215 cyber-attacks every single day. Stronger passwords, extra firewalls and employee training are like using plasters on a gaping wound; businesses need a comprehensive strategy that offers complete protection. Lincolnshire Council’s CIO said that “It was a new piece of ransomware that our anti-virus provider hadn’t seen before, so they’ve had to write new files to protect us”. That being the case, would you really feel safe after such advanced malicious code been written? How long would it be before something else new and scary and unanticipated comes along?