Latest

Recruitment Watch

Ransoms – old crimes in new ways
Recruitment Watch

Recruitment WatchIssue 8 | June 2017

Date
26 June 2017

Joe Hancock Cyber Security Lead

Laura Hawkins Cyber Intelligence Analyst

The widespread disruption of the NHS last month thrust ransomware to the forefront of businesses concerns.


Ransoms – old crimes in new ways

The widespread disruption of the NHS last month thrust ransomware to the forefront of businesses concerns. It is likely that these attacks will continue to be a prevalent trend in 2017, with experts acknowledging that WannaCry malware is the tip of the iceberg when it comes to the sophistication of an attack.

Ransomware is often delivered through a phishing email which deliberately targets large numbers of users. When a user clicks on a malicious link or attachment in the e-mail the ransomware is executed, encrypting files on the device and locking the screen, usually displaying a menacing ransom note. This note will demand that the victim pays the attacker a ransom in a crypto-currency such as Bitcoin in order to regain control of their device and their files. In some instances, data will be deleted if the ransom is not paid in time and for a recruitment company, this could mean the loss of one of your most valuable assets – your contact data base.

The targets of ransomware are wide ranging and while many businesses may think that they are not desirable targets for cyber-attacks, any company or individuals who own data they consider valuable is a potential target. According to Europol, the WannaCry ransomware was successfully executed on 200,000 computers across 150 countries and a variety of sectors.

The WannaCry ransomware attack was not a sophisticated one. The ransomware took advantage of a particular issue in Microsoft Windows being released from an American Nation Security Agency (NSA) programme by a group allegedly based in Russia. The particular problem was fixed in Microsoft Windows in March, but many organisations were slow to update their systems or – in the case of the NHS – were often running very old versions. A major cause of the outbreak in May was a lack of security updates or 'patches' for software and operating systems which enabled the ransomware to take hold.

Despite there being on-going discussions over the attribution of the WannaCry ransomware to states including North Korea and the overall purpose of the attack, the wide scope of the ransomware highlighted systemic vulnerabilities in industries who may have considered themselves as less desirable targets to those with large financial reserves or huge numbers of customers.

The total value of the ransom payments made because of the WannaCry ransomware attacks was, in relative terms, extremely small, with only 302 payments being made, totalling just over £100,000. The impact, however, was wide reaching. Recruitment businesses should not just assess ransomware attacks in terms of immediate financial cost but, as past attacks and the WannaCry incidents show, assess the impact on operations, the value of the data that they hold, the dependency of departments on their I.T. infrastructure, reputational issues following an attack and customer confidence in your brand.

It is also likely that more and more malware, in particular ransomware, will target mobile devices, which as of yet is a fairly untapped resource for cyber extortion. Software able to encrypt data on mobile devices, removing access to both business data but also the large collections of personal e-mails and photographs could be devastating.

The conclusion for recruitment businesses should be about keeping all systems up to date with security patches, and valuable data backed up separately. As ever the training and awareness of employees should be paramount to any corporate information risk management program. Keeping your employees' data safe at work and at home will reduce the likelihood of ransomware being successfully executed and any losses occurring.