The heartbreak of a cyber-attack

There is a myth among SMEs that cyber-criminals are only interested in larger companies, from which they can make more money. That’s a misconception: most attacks that we see are low-level, avoidable attacks that cause significant damage.

Imagine coming into the office on Monday morning to find all systems down and your computers all showing the same message: “Your files have been encrypted”.

What do you do? Very occasionally the cyber-criminal may have used an old piece of software that can be decrypted, or they made a mistake and didn’t delete the snapshots. But most cyber-criminals aren’t stupid, far from it. They are constantly evolving, changing tactics and techniques to maximise their chances of getting paid.

In the event of a ransomware attack your best, and probably only, course of action is to restore from your backup.

Forward-thinking businesses will have a fully tested, working backup from which they can restore all their servers in a matter of hours, and PCs can be rebuilt from a golden image, getting them back up and running in a few days.

But how many SMEs test their backups to check that what they think will happen in an emergency actually does? That two-hour restore has become 2 days or 2 weeks.

Many businesses have backups located in different buildings or data centres, but still on the same network and using the same credentials as the main network, which has now been compromised. Cyber-criminals know you are unlikely to pay if you can restore from a backup, so what do they do? Go after the backups! If they can encrypt or delete your backup, they significantly increase their chances of payment.

The restore is now going to take a week or, worst case, you have no backups at all. What next?

Trust me, you do not want to be in this situation. You’ll typically now have two choices - start again with no data (not really viable) or pay the ransom.

How much is the ransom? That depends. We’ve seen it be anything from £3000 to £200,000, depending on your size and whether they’ve found your recovery method.

Once you’ve decided to pay, then the fun starts. It’s not easy to buy even £10,000 in bitcoins; you can’t just walk into your bank, so you need a specialist.

Once you’ve sorted the bitcoins, you have to transfer them to the cyber-criminal, with no guarantee that they’ll respond or that they won’t ask for more money. All this takes time, and in the meantime you’re not operational.

We’ve attended so many of these types of incidents and it’s heart-breaking, especially for small family businesses, who can potentially be ruined.

Frustratingly, these types of attacks are largely avoidable by just getting the basics right.

  • Don’t have services such as remote desktop accessible from the internet
  • Make sure users have strong passwords, and ideally add two-factor authentication
  • Keep your machines up to date with the latest security updates
  • Install and maintain a good anti-virus program

Prevention is better than cure, so if you only take one thing away from this, make sure you have a working, tested disaster recovery plan with offline or cloud backups. Don’t put yourself in a situation where your only option is to trust cyber-criminals.