Real-life ransomware example

Recently a member in practice brought this story of a ransomware attack to our attention:

The client had ransomware introduced onto their server by the heating engineers upgrading software that controlled the office heating system. Clearly the heating engineers were the victims of the attack as well. The client actually paid the ransom but the decrypt codes didn’t work. The police had put them in touch with someone who did bitcoin payments.

The fortunate thing here was that their key work flow system was cloud based. They did however lose the whole accounting data set which, contrary to advice, they didn’t have backed up separately. They survived this because we had just done the year end management accounts so had the numbers we needed.

Lessons to learn

There are some useful lessons to be learned from this experience. The impact of the attack could have been reduced if the victim had followed the advice in our recent article, How can I defend against ransomware?

  • Data backups – a well-constructed backup strategy appropriate to your organisation is the key method of recovering from ransomware. At least one copy must be kept separate from the live network (offline, or on storage that the office systems cannot overwrite), otherwise the malware encrypts the backups along with the data. Regularly testing the restore process is essential: a backup that has never been restored is an assumption, not a safeguard.
  • Do not pay the ransom – there is no guarantee that the criminals will provide working decryption codes, as this case shows.
  • Report the incident to the police – cyber crime funds organised crime.
  • Control access to data and networks – limiting who and what can reach your data significantly reduces how far ransomware can spread. It is also worth considering separate networks for building systems (HVAC, security and CCTV, for example) and the office data network. This is a valuable protection but can increase complexity and reduce the integration of systems; segmented networks may, for instance, make it harder to monitor everything from one PC.
  • Use of cloud based systems – are you able to maintain the security of your data to the same level as a professional IT service provider? Cloud based applications can improve security, increase flexibility and reduce the cost of application maintenance. Note that in this case the cloud workflow system survived while the locally held accounting data did not: data that stays on your own servers remains your responsibility to protect and back up.
  • Supply chain – in this example, a supplier had access to the office network. Understanding how suppliers connect to your network is essential, and suppliers should only have access to the systems that are essential to the service they provide. Understanding the risk posed by your supply chain (in its many forms) is a central part of risk management.
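The backup point above turns on one thing most firms never do: actually restoring from the backup to prove it works. The script below is an added example written for this article, not something the firm in the story used. It backs up a directory to an archive with a SHA-256 manifest of the live files, then immediately restores the archive into a scratch location and checks every file against that manifest, failing loudly if the archive is corrupt or incomplete. The directory names are illustrative assumptions; it relies only on standard Linux tools (tar, sha256sum, find).

```shell
#!/bin/sh
# Added example (not from the original article): take a backup of a directory,
# then prove it can actually be restored by extracting it elsewhere and checking
# every file against a SHA-256 manifest taken from the live data.
# All paths are illustrative assumptions.

set -eu

# make_backup SRC_DIR BACKUP_DIR
# Writes BACKUP_DIR/<basename>-<timestamp>.tar.gz and a matching .sha256 manifest.
# Prints the archive path so callers (and the restore test below) can find it.
make_backup() {
    src="$1"
    dest="$2"
    mkdir -p "$dest"
    dest=$(cd "$dest" && pwd)              # absolute, so later cd's do not break it
    stamp=$(date +%Y%m%d-%H%M%S)
    base="$dest/$(basename "$src")-$stamp"
    # Manifest with relative paths, so it is valid inside any restore location.
    (cd "$src" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2) > "$base.sha256"
    tar -czf "$base.tar.gz" -C "$src" .
    printf '%s\n' "$base.tar.gz"
}

# test_restore ARCHIVE
# The step most firms skip: restore into a scratch directory and verify that the
# result is byte-for-byte complete. Returns 0 on success, 1 if extraction fails
# (corrupt or truncated archive) or any file is missing or altered.
test_restore() {
    archive="$1"
    manifest="${archive%.tar.gz}.sha256"
    scratch=$(mktemp -d)
    status=0
    if ! tar -xzf "$archive" -C "$scratch" 2>/dev/null; then
        status=1
    elif ! (cd "$scratch" && sha256sum --check --quiet "$manifest" 2>/dev/null); then
        status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# Typical use (assumed paths): back up the accounts share, then refuse to treat
# the backup as good until the restore test has passed.
# archive=$(make_backup /srv/accounts /mnt/backup-drive)
# test_restore "$archive" && echo "restore verified: $archive"
```

The archive and its manifest should then be copied to a location the office network cannot write to (a detached drive, or cloud storage with versioning), because a backup sitting on the same server is encrypted along with everything else when ransomware runs. Running the restore test on a schedule, against the stored copy rather than the freshly written one, is what turns "we have backups" into something you can rely on.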

Being prepared

In this case, if the firm had considered ransomware as a cyber risk, it could have been better prepared, in particular by having viable, separately stored data backups.

It can be helpful to consider three layers to managing cyber risk.

  • People – do staff understand the current threats, how to use mobile devices safely and the need to be vigilant at work?
  • Processes – do you have processes in place to back up data, manage access to data and verify requests (funds transfers, for example)?
  • Technology – do you use anti-malware software, the security features provided by the applications you use, and secure portals or software when exchanging data with clients?

Cyber security for small firms can be challenging. Many of the techniques used by large firms do not scale down to small firms. However, the consequences of having no cyber security measures in place can be devastating for an organisation.

Have you been a victim of cyber crime? Are you able to share your experiences and lessons learned? If you have then please contact mark.taylor@icaew.com and we may be able to publish your story here.

Anonymous