You’ve been attacked with ransomware – what next?

By Miles Reucroft
10-Jul-2017 09:00:00

The recent spate of global cyber attacks involving the infamous WannaCry 2 and Petya malware programmes has caused consternation in a multitude of industries and countries – they have been indiscriminate attacks that have claimed victims from Telefonica to the NHS. They have also affected a number of financial advisers.


In a recent poll among 220 Intelligent Office users, Intelliflo found that some 44% of financial advisers have direct experience of cyber attack. That survey was conducted just before the release of WannaCry 2, as well.

It’s a sight that you hope you’ll never see in your business – a pop-up screen declaring that your files have been encrypted, only to be released upon the receipt of a ransom (hence the name ransomware). In the case of WannaCry 2, the payment was set at an initial US$300 in the cryptocurrency Bitcoin.

The clock is visibly ticking on your computer. Much like receiving a parking ticket, you are encouraged to pay early, to take advantage of a lower rate, after which the cost will double. With ransomware, the threat hanging over you is that if you have not paid by the end of a set period of time, your encrypted data will be destroyed.

To stretch the automotive analogy a little further, you need to be very careful where you park your data. Prevention, as always, is better than the cure.

Short of actually paying the ransom once your data has been infected with ransomware, your options are extremely limited, especially if you have not backed up your data. Hackers prey on this desperation and many firms succumb to the ransom demands.

This is categorically not the best course of action. Ultimately, you are dealing with criminals. What incentive do they have to actually release your data? There have been previous instances of firms paying ransoms for their data, only for the encryption key to infect their systems with further malware. Morally, too, by paying the ransom you are only funding further cyber attacks.

Whilst dealing with a cyber attack is never easy, you can take steps to lessen the impact of an attack on your business.

Regularly backing up your data is crucial. This is your fallback option. If your data becomes encrypted by WannaCry 2, Petya or future iterations of ransomware attacks, what will you do? By having a readily available backup of your data, you can reboot your systems, discarding the infected data and replacing it with the clean version.

If in this instance your data was last backed up three hours before your main data became infected, the loss to your business will only be the three hours of lost data. This, clearly, is preferable to your entire data set being left at the mercy of the moral conscience of your hackers.

As well as backing up your data, consider how it can be accessed. WannaCry 2 and Petya spread like wildfire through outdated Windows systems; indeed, the NHS was operating on the unsupported Windows XP system. If your system is out of date and unsupported, there are no new security patches available for it, increasing the likelihood of an infection.

Remarkably, 10% of Intelligent Office users are operating on unsupported systems. Ensure that you keep yours up to date with the latest patches – they are released to protect you.

It is also worth educating your staff. Malware is often installed via malicious links in emails. It only takes one staff member to open a malicious link. To help you educate your staff, Intelliflo has released a free eLearning course on the topic for Intelligent Office users, offering an overview of the threats and how to identify them.

On top of that, Intelliflo has also partnered with NCC Group, global experts in cyber security and risk mitigation, to provide a helpline to all advisers who have been affected by ransomware or any other cyber attack, or simply if you have any questions about your cyber security arrangements.

So, if you have been attacked with ransomware, the what next very much depends on the what before – ensure there is continuity planning in place and anticipate a cyber attack. That will make your next steps after any attack much more straightforward.