Businesses urged to be vigilant after ransomware attacks

Officers from Northamptonshire Police Cyber Protect Team are urging businesses to remind staff to be extra vigilant while working from home during the Covid-19 pandemic.

Following the government “lockdown” on March 23, the risk of businesses being targeted has increased with more employees working remotely, some using their own devices, and less opportunity to discuss suspicious links with colleagues.

In the past month, the Force has received reports from two county businesses which have been attacked by a type of malicious software called ransomware, which prevents access to documents and servers.

Cyber Dependent Protect & Prevent Officer for Northamptonshire Police, David Reed said: “In the latest reports, one of the businesses has been seriously affected by the attack, which locked their computer files and financial, employee and customer records.

“Like many organisations trying to operate during the current situation, they were already relying heavily on company IT systems and devices to allow staff to work from home or in separate offices.

“Unfortunately as a result of the attack, they’re struggling to function, as staff cannot access important work documents or use customer and product databases, and they now need to allocate extra time and money to rebuild the missing data.”

Ransomware is a type of malware used by criminals which prevents access to your computer documents by silently encrypting them, which means they cannot be opened, modified or used in any way.

The computer itself may also become locked or the documents might be stolen or corrupted irreversibly. Ransomware will usually try to spread on to other networked devices and storage, infecting them and in turn encrypting more stored data.

Mr Reed added: “Normally an electronic ransom note will demand a Bitcoin payment in order to decrypt and unlock documents, but even if you pay the ransom, there is no guarantee you will regain access to your documents and computer if you do.

"However, by taking simple steps, there are many ways you can deter cybercriminals and the reason the second business was not as affected by the attack was because they had made important changes.

“They’d updated their cyber security and disaster recovery procedures following a free cyber protect security review, which was carried out by the Cyber Protect Team, and is available to all businesses across the county.”

While the following five steps cannot guarantee your business and staff will be completely protected from ransomware, they will greatly reduce the risk.

• It is essential to always have a recent copy of your most important documents. Make regular backups via the cloud and/or use storage which is disconnected after each backup is complete

• Keep your operating system, apps and other software up-to-date. Security patches are included in these updates to fix security bugs and vulnerabilities in order to keep your devices and accounts safe

• Avoid clicking links in unexpected and unverified emails and texts. Phishing is the still the main technique used by cybercriminals to gain access your computers, networks and accounts

• Only download from trusted sources and app stores and never open attachments in unverified emails. Attachments and downloaded files can infect your computer or device with malware such as ransomware

• Ensure you are using an up-to-date and trusted antivirus package on each device and have enabled your computer and/or network firewall

To book a free Northamptonshire Police Cyber Protect Security Review or staff cyber awareness training course, email CyberProtect@northants.pnn.police.uk or for more information on how to protect yourself online, visit www.ncsc.gov.uk

If you believe a live ransomware attack is taking place call 999, or otherwise report it and other cybercrime to Action Fraud on 0300 123 2040 or actionfraud.police.uk