Spotlight on ransomware

CERT NZ Incident Response Manager Nadia Yousef provides an insight into ransomware and how organisations can protect themselves.

16 July 2021

Nadia Yousef

Ransomware attacks are a growing concern for organisations following the recent string of high-profile incidents across the globe.

CERT NZ has seen a significant increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter. These figures reflect an increasing trend in ransomware attacks globally over the past 18 months.

Ransomware can cause huge disruptions to businesses including loss of income, resource and customer trust, and recovering from an attack can be extremely costly.

Attacks of this nature are not specific to one particular industry, or just a concern for bigger businesses. They can affect anyone working online, whether they are an individual or an organisation.

Ransomware attacks are generally financially motivated, and cyber criminals target systems that have open avenues for attack, for instance where someone has unwittingly clicked on a link or attachment contained within a phishing email.

Ransomware is a type of malicious software that encrypts files and stops people from being able to access their files or computer system until they pay a ransom.

Attackers have also begun to steal data and information from affected systems, which they use as extortion material to further coerce organisations into paying ransoms. 

Ransomware infections generally occur through avenues such as phishing campaigns or more complex compromises of vulnerable software.

The impact of ransomware varies from case to case, and depends on an organisation’s security measures for their information and infrastructure.

For example, if an affected business does not have backups it could lose the data encrypted by attackers, which could impact operations. By having a good backup strategy your business will be able to get back up and running more quickly, with minimal disruption and without giving in to attackers’ demands.

CERT NZ doesn’t recommend that anyone pay ransoms. There is no guarantee that you will get your files back. Also, you’re at risk of further attacks if an attacker sees you’re willing to pay a ransom.

If you do experience a ransomware attack, get your network offline immediately. The faster you do this, the more you can contain the spread of the malicious software. Then seek the advice of an IT professional.

If you have paid a ransom and received your files back, it’s important to have the computer professionally inspected by an IT expert to determine if the attacker has planted any other malware on the computer, or created another way to access the computer and your data. You should also work with the professional to identify how the ransomware got onto the computer in the first place to prevent it from happening again.

Ransomware, like other cyber security issues, is easier to deal with through prevention than cure. You can protect yourself from a ransomware attack by taking the following simple steps:

  • Be aware of phishing campaigns: As phishing is a common avenue for attackers to compromise and then infect systems, knowing how to spot a phishing email or website can help stop attackers from gaining access to your systems.
  • Regularly install updates on software and devices to prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
  • Implement two-factor authentication (2FA), which is usually a code that’s sent to your phone or an authentication app to verify your identity, in addition to using a password. It adds another layer of security to your logins.
  • Back up business and customer data so if it’s lost or stolen you can recover it quickly. Backing up your data on an external hard drive or cloud service will enable you to access stolen data quickly.
  • Set up logs to record when particular actions are taken on your website and systems, and who’s done them. You will then be notified if any unusual or unexpected activity occurs.
  • Have an incident response plan because no matter how well you prepare, things sometimes go wrong. Having a step-by-step plan will help you take control of the situation if the worst were to happen and will help reduce the impact on your business.

Even with great cyber security in place, things can still get through the cracks. Make sure you have hard copies of all important documentation, like business contingency and incident response plans, in the event you’re unable to access your system.

You can also refer to CERT NZ’s top 10 critical controls for businesses for further guidance on how to prevent or contain cyber security attacks.
