Malware is an umbrella term for a wide variety of malicious code/software, designed to accomplish nefarious goals such as providing remote access, loading or dropping additional malware, stealing bank account information, encrypting and denying access to data, or hijacking a device’s computing power.
How it happens
Malicious software is coded with the intention of harming its target, impacting personal and business users alike. It can steal information, damage data, hijack website visits and spy on internet activity.
Malware is often delivered through ‘phishing emails’ or fraudulent links. Malicious apps and USB memory sticks can also compromise smartphones and computers with malware, and it can also be distributed through the use of malicious online ads and ‘pop ups’.
It can hide inside normal-looking software (trojans) or spread between machines without relying on user interaction (worms). It’s designed to avoid defences installed on your device such as antivirus software and firewalls.
Malware can stay hidden on a device for months until activated but once installed (even accidentally), it can carry out many unseen activities, such as spying on website visits, destroying data or piecing together passwords.
Ransomware – the biggest threat?
Ransomware is one prominent type of malware and often the most preferred by criminals due to the impact it causes. Ransomware usually follows a phishing attack and compromises a business' network and systems. Once a cyber-criminal has access to a network, they use different tools to move around the network, identifying valuable information and other vulnerabilities. The cyber-criminal then deploys ransomware, which holds their victim’s data hostage by encrypting it and withholding access until the ransom is paid. More recently, cyber criminals have been stealing data prior to deploying ransomware – this adds additional threat and persuades victims to pay the ransom so that the data isn’t released to the public.
Once ransomware has been deployed, there are numerous impacts to the business. Some of the main ones are:
- Financial – the business may not be able to undertake operations and complete work, costing them financially. There’s also the cost of restoring business systems to working order.
- Reputational – The business’ reputation is likely to be negatively impacted, resulting in potential further financial losses and a loss of trust within their industry.
- Disruption – depending on the business’ continuity planning, downtime could be lengthy, causing disruption to the business and all its stakeholders, such as customers and suppliers.
Ransomware can impact any size of business in any industry. Ransomware payment requests are often in the form of cryptocurrency and can vary in amount, from a couple of hundred to several million pounds.
The ransom request is not always the end of the story or the only financial impact. Companies may incur fines if they pay ransom to individuals who appear on sanctions lists maintained by the European Union (EU), United Nations (UN), US Office of Foreign Assets Control (OFAC), or by any other country. Attributing a ransomware incident to a specific cyber-criminal can be challenging, which in turn makes establishing any regulatory risks even more difficult, causing some victims to turn to specialist cybersecurity firms for assistance. There is also the risk of other regulatory fines where data is impacted or stolen as part of an attack.
If you become a victim of ransomware, what should you do?
- The UK National Crime Agency strongly advises against paying a ransom, as there’s no guarantee you’ll recover the encrypted files, and paying only encourages further attacks.
- If you suspect a computer has been infected with ransomware, immediately disconnect it from the network.
- Notify your IT security team so they can implement their incident response plan.
- If your business is operating in the UK, you should report the incident to Action Fraud and the National Cyber Security Centre (NCSC). If your business is operating internationally, you should report the incident to local law enforcement in the country you’re operating in.
- Consider and take any relevant actions and reporting pursuant to law and regulation e.g. in relation to data breaches.
- More information is available from the National Cyber Security Centre website at ncsc.gov.uk/ransomware/home.
Viruses/Worms
Viruses and worms infect systems, usually with the intention of causing some form of damage or spreading to infect other systems. Once a system has been infected, the virus/worm will copy itself to your files and can replicate across a connected network. More recently, this type of malware has been used to provide a way in for more destructive malware such as ransomware.
Spyware
Spyware is a type of malicious software that, once installed on your device, steals information, which usually includes a log of all your activity. It can record screens and even act as a key logger, which logs all of the keys you enter. This can then provide the cybercriminal with your passwords and user credentials, allowing the criminal to compromise your online accounts.
How to protect yourself
Protect yourself from Malware
- Keep PCs, servers and associated hardware up to date.
- Install reputable anti-virus software, install updates as soon as they become available and fix any vulnerabilities in your business’ systems.
- Develop a cyber security response and recovery plan, including data back-up processes, and test them regularly.
- Data back-ups should be performed regularly and stored off-site and offline, to prevent an attacker getting hold of them in the event your systems were compromised.
- Have a defence-in-depth strategy for your business, e.g. against phishing emails, including segregating networks (where possible) so that an attacker would have to breach several layered defences to be successful.
- Make sure that your business has robust IT systems and procedures in place, such as using a secure Wi-Fi network and data storage systems.
- Use a firewall to protect your systems from intruders and unauthorised traffic.
- Make use of a virtual private network (VPN) to protect you and your business over Wi-Fi connections, particularly public Wi-Fi connections, as well as Multi Factor Authentication (MFA) which will give data a second layer of protection, through requiring at least two methods of verification to protect your data.
- Administrator accounts have greater access; limit these to staff who need that enhanced level of access, to reduce the risk if malware is installed on your systems.
- Consider blocking any software which isn’t already authorised (this is known as an ‘application approved list’) and having systems in place which restrict the file types permitted to run on your system, only allowing business employees to access the systems they need to use.
- Give training to staff so that they understand the risks of a malware attack. It will also help them spot phishing emails and malicious links which may contain ransomware.
- Disable MS Office macros on email attachments.
- Promote an understanding of digital risk and robust password management.
- If you suspect a computer has been infected by malware, immediately disconnect it from the network.
- Don’t download software or apps from unofficial app stores or through websites and links.
- Never open unexpected file attachments or click on links.
- Don’t use USB sticks, especially from unverified sources.
- Don’t use the same password for different business logins.