2014 sees rise of aggressive cyber attacks

CryptoLocker attack shows why SMEs need to protect themselves now more than ever, says Databarracks.

  • Monday, 3rd March 2014 Posted 10 years ago in by Phil Alsop

2014 has started with a bang, with cyber-criminals upping the ante of malicious online attacks. As a result, companies today have to be more aware than ever of how to protect themselves against the maturing tactics used by hackers. Since the end of 2013 we have seen an increase in both the number and the ferocity of cyber attacks. The CryptoLocker ransomware is a good example of how criminals continually evolve their methods. CryptoLocker comes in the form of a phishing email containing malware disguised as PDFs from banks, couriers or other seemingly legitimate sources. Once opened, the malware encrypts the entire contents of a hard drive, as well as any shared drives it can see.

To obtain the key to recover your files you have 72 to 96 hours to pay a ransom of around two Bitcoins (over £1000 at the current exchange rate). It is virtually impossible to break the strong cryptography without the key, so unless you have recent backups of all your data, there’s usually little choice but to pay up.

The scope of those affected has been huge. For companies that have recently backed-up their data, the restore process is fairly simple and as a rule causes minimal disruption to the organisation. Those without backups, and without the available funds to pay the ransom, have been faced with the often catastrophic prospect of losing all their data – something that would be particularly devastating for SMEs.

However, Peter Groucutt, managing director at Databarracks, believes that all is not lost for SMEs, as long as they get the security basics right: “On the face of it, CryptoLocker poses a terrifying threat, but SMEs should not be caught in the headlights. Rather, they should undertake some simple, but crucial, security checks and implement policies that serve to protect their systems against such attacks.

“Staying up to date with the latest developments is an important starting point. Half the battle is knowing what to look out for; if you recognise a suspicious email as a threat, the whole security incident is avoided.

“It’s also critical to keep your antivirus software up to date as, nine times out of ten, it should detect and contain the majority of threats. Failing to do this leaves you as the most vulnerable target for hackers.

“You have to communicate security risks throughout the company,” Groucutt continues. “It only takes one employee to open an infected email for your whole business to be affected. Have clear policies in place for risk management, and make sure that your team understands the recommended procedures to follow in the case of a breach. As well as helping to prevent an attack in the first place, stringent procedures help to get incidents under control quickly, reducing the amount of overall damage caused.”

Finally, Groucutt urges SMEs to ensure that they regularly backup their data: “If you do get caught out by malware, backups can be your saving grace. Backup systems that provide versioning allow you to roll back to previous, unaffected copies of your files.”