(Updated 17 May 2017 in light of the WannaCry ransomware attacks)
On 12 May 2017, organisations worldwide felt the scourge of one of the biggest malware attacks to take place in recent history. Aptly named WannaCry, the malicious ransomware swept across over 100 countries and infected over 57,000 computers running on out-of-date Microsoft systems.
Here in Singapore, most companies were fortunate enough to remain unscathed by the attack. The Cyber Security Agency of Singapore (CSA) also issued a statement that no critical infrastructure in the country had been affected.
Even so, ransomware attacks are not new to Singapore companies. Last year, homegrown baking supplies company Phoon Huat was hit by a ransomware attack. They got off lucky; the attackers were "just playing around" and so the company didn't incur financial losses.
But for many small and medium enterprises (SMEs) running on old systems and lean IT resources, these attacks can prove financially deadly. In 2016, ransomware attacks on businesses increased three-fold — from one attack every two minutes in January to one every 40 seconds in October. And with over 62 new ransomware families introduced in 2016 alone, it's no surprise that global cybersecurity providers like Kaspersky Lab named it as a key concern.
Now, in the wake of the WannaCry attack, cyber security firms warn of another wave of ransomware attacks. "We do expect copycat activity in the coming days," says Nick Savvides of Symantec to Channel NewsAsia, adding that the next wave is unlikely to contain the 'kill switch' that stopped WannaCry from spreading further.
But What Is Ransomware?
Ransomware is a sophisticated malware that encrypts and blocks access to your files, applications, servers or computers. Until you pay a ridiculously expensive fee to the attacker to unlock your system, your system is basically useless (hence the term 'ransom').
Not only is it insidious and tricky to prevent, ransomware can affect your system through a myriad of ways — emails, websites, thumb drives and more. Attackers also regularly alter their programs so the ransomware attacks avoid your company's antivirus detection.
Here's how a 'ransom' message on an affected computer might look like:
What Makes Ransomware Different?
There are some factors that set ransomware apart from other malware:
- Encrypts (blocks access) all kinds of files on your computers and servers with near unbreakable encryption
- Scrambles your file names so you've no idea what data or how your business has been affected
- Demands you pay money to get it back within a specific timeframe. Once you bypass that, your data will either be destroyed or you'll find the ransom amount substantially increased
- Spreads to other computers connected in your local network to create more damage in your company
- Turn your computers to botnets, so attackers can use them to attack other businesses
Why Target Companies Like Ours?
Because that's where the money is. Although more individuals than companies are affected by ransomware every year, companies are more willing to pay big to retrieve their critical data.
SMEs are a favourite target, because many SME leaders tend to be unaware of the cybersecurity risks out there. Other reasons include:
- Higher likelihood of attackers getting paid, because businesses can't afford disruptions
- Greater damage opportunities because it can also spread to servers in the company
- Easier to exploit because many SMEs use outdated software/hardware. These present security gaps that attackers can pounce on
How Can We Safeguard Our Data?
Prevention is always best when it comes to cybersecurity. Keeping your software and cybersecurity systems and antivirus protection updated, and making sure your employees don't open any file from suspect sources are some of the basic best practices for prevention.
Unfortunately, due to ransomware's insidious nature, it's tough to ensure you're 100% protected, even if you've cybersecurity measures in place.
Once an attack happens, your fastest option (apart from paying the attacker a ridiculous sum) is to recover affected files from your backup system. This depends on whether your backup system is still intact. There are malicious ransomware strains that target backup drives attached to your server, resulting in both your live/actual data and backup being held hostage.
One way to ensure your backup data stays safe from such attacks is to back it up offsite in the Cloud. At AFON, we offer you an advanced Microsoft-backed Cloud Backup solution to safeguard your critical data. It's an offsite backup solution which stores daily server backups in Microsoft Azure's secure cloud storage.
Unlike traditional methods which involve tape cartridges ($6,000 to $10,000) that are unwieldy and susceptible to damage, our Cloud Backup solution gives you:
- Affordable 1-year subscription for offsite backup — no additional hardware is needed
- Secure Cloud data backup to reduce data loss risks from attacks and total site failure (e.g. fire)
- Copies of your latest backup from AFON, with specific time-retention
If you’d like to learn more, please call or leave a message for our IT consultants here, and we’ll be glad to provide more in-depth explanation.