Last night, Twitter was subjected to a massive security breach as many of its verified ‘blue-tick’ accounts tweeted a phishing message about the donation of bitcoins.
Some of the more high profile accounts affected were those of Barack Obama, Elon Musk and Kanye West, as well as US Presidential Nominee Joe Biden, the official Apple account, and billionaires Mike Bloomberg and Bill Gates.
At a time when much of the global workforce has moved to remote working, many employers, companies and employees will need to prioritise their security measures.
If one of the largest social platforms can be breached as Twitter was last night, then every cyber system is vulnerable.
Ransomware is a type of crypto-malware (malicious software) that criminals use to extort money from you in return for restoring access to something they have taken from you.
This typically takes the form of locking you out of your data by encrypting it. A ransom is then demanded with the promise of a decryption code, or ‘key’, that will unlock access to your scrambled data.
So, do you pay?
What are you meant to do if the ransom is small, the data is valuable to you and you have no other copy of it? Paying does not guarantee that you will regain access to your data: you may be asked for more money, and the criminal may still have access to your data.
Whether you decide to pay or not, you will need to wipe and reset infected systems and try to establish whether you have had a data breach. At this point, you might well ask why your antivirus software did not detect and block the attack.
Impact on your business
In some cases, ransomware has put companies out of business. For example, in 2017 the shipping giant Maersk was hit by the self-replicating NotPetya ransomware worm, costing it an estimated $300M in recovery costs. The malware spread to and impacted 50,000 systems in just a couple of hours. Fortunately, Maersk survived the attack.
Sadly, there are always criminals who will use social engineering to entice us to visit sites and click links that we shouldn’t.
Throughout the Covid-19 pandemic, too, criminals have been using pandemic information as clickbait, targeting hospitals and laboratories that they believe will pay more readily during the crisis.
If you presume that you will be attacked and focus on your incident response plans – and how you can be resilient – you will not need to pay the ransom.
You can do this by:
- Keeping your systems and anti-malware software up to date
- Monitoring your systems for ransomware markers like mass file updates
- Having a good data backup regime in place and keeping copies stored offline
- Training your staff on how to avoid getting infected, by not clicking on unexpected links or visiting untrusted websites
- Blocking known bad websites automatically
- Monitoring your infrastructure for large data movements, so that you can identify unusual data transfers both as they happen and in historical records.
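The "mass file updates" marker above can be checked mechanically. The following is an added example, not code from the original article: it runs over a constructed set of file-change events (timestamp, process, action, path; the process names and paths are made up) and flags any process whose modify/rename burst inside a sliding window reaches a threshold, plus any process writing files with an extension outside a known set.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-change events: (timestamp, process, action, path).
# In practice these come from a file-audit or EDR feed; names are made up.
EVENTS = [
    ("2020-07-16T09:00:01", "winword.exe", "modify", "C:\\Users\\ann\\report.docx"),
    ("2020-07-16T09:00:05", "excel.exe", "modify", "C:\\Users\\ann\\budget.xlsx"),
] + [
    (f"2020-07-16T09:01:{i:02d}", "unknown.exe", "rename",
     f"C:\\Users\\ann\\Documents\\file{i}.docx.locked")
    for i in range(40)
]


def mass_change_alerts(events, window=timedelta(seconds=60), threshold=25):
    """Return {process: peak} for processes whose modify/rename count inside
    any sliding `window` reaches `threshold` (the 'mass file update' marker)."""
    per_proc = defaultdict(list)
    for ts, proc, action, _ in events:
        if action in ("modify", "rename"):
            per_proc[proc].append(datetime.fromisoformat(ts))
    alerts = {}
    for proc, times in per_proc.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[proc] = peak
    return alerts


def unknown_extensions(events, known=(".docx", ".xlsx", ".pdf", ".txt")):
    """Return {process: set(ext)} for files written with an extension outside
    the organisation's known set; a new suffix on many files is a second marker."""
    seen = defaultdict(set)
    for _, proc, action, path in events:
        ext = os.path.splitext(path)[1].lower()
        if action in ("create", "modify", "rename") and ext and ext not in known:
            seen[proc].add(ext)
    return dict(seen)


if __name__ == "__main__":
    print(mass_change_alerts(EVENTS))   # {'unknown.exe': 40}
    print(unknown_extensions(EVENTS))   # {'unknown.exe': {'.locked'}}
```

Tune the window, threshold and known-extension list to the real baseline of each file server; legitimate bulk jobs (backups, migrations) will trip the first check and should be allow-listed by process.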
Each attack is different, and while law enforcement advises that you should not pay a ransom, your organisation needs to make the right decision taking safety, the impact to your operations, potential income loss and your ability to recover into consideration.
But what you shouldn’t do is think it will never happen to you, because that is when you are at your most vulnerable and at greatest risk!