Ransomware is software specifically designed to encrypt users’ devices. It is a form of malware, created to cause damage to a machine. The software can access your computer system, steal data, and encrypt your device, and can lead to viruses and other malicious activity. Find out which companies have been a ransomware target in our hit list below.
HOW IT WORKS?
Ransomware infects your computer, which can sometimes restrict you from accessing your device. Depending on how aggressive the attack is, it can prevent you from opening your files and data unless you pay a sum of money.
As cybercriminals are anonymous and protected through specific software, it is extremely hard to trace the individuals who target people. This means they can continue to demand money without any repercussions, due to their advanced algorithms. They can threaten to delete and encrypt files, which intimidates users into paying a ransom.
Ransoms can range from hundreds to thousands of pounds and are usually in the form of untraceable bitcoin.
Typically, attackers target less established companies or organisations that usually have smaller security teams. These companies might not be able to handle the severity of the issue, making it easier for cybercriminals to access important information.
Additionally, cybercriminals may also target firms that would not want the negative press and speculation an attack could cause if reported by the media. These types of companies are therefore more likely to pay a fee to avoid the ransomware issue. This would be aimed at big organisations such as the NHS, law firms or the Government that wouldn’t want sensitive or confidential information being accessed or released and would be more likely to pay a ransom to protect their organisation, clients or patients.
COMPANIES THAT HAVE BEEN AFFECTED
Ransomware attacks are costing UK companies approximately £346 million per year and affect nearly 50% of businesses.
Some of the most common or high-profile cases of ransomware in the UK are listed below.
NATIONAL HEALTH SERVICE
One of the biggest UK ransomware attacks was back in 2017, when the NHS was hit with the WannaCry catastrophe. This caused major issues within the NHS, costing them 92 million pounds.
This strain of ransomware was particularly sophisticated and meant the NHS couldn’t access important information for several days until the issue was resolved.
It had far-reaching implications, as over 200,000 computers were impacted and, as a result, thousands of consultations and operations had to be cancelled. This caused major disruption to the NHS.
In this case, the issue was caused by an email containing an attachment, which was sent directly to the organisation. Once opened, it released malicious software onto their databases and encrypted files and other machines.
Police Federation of England & Wales
The police federation unit for England & Wales was hit with a cyber attack at the Surrey Headquarters on 9th March 2019.
They suffered significant disruption, with servers going down, email systems being encrypted and backup servers being erased.
Experts had to isolate the systems to prevent the virus from spreading and causing even more damage. The case was investigated by the Cyber Incident Response Division to try and understand how the issue arose.
Experts believe that a more updated kind of cyber defence is needed to help make their systems more secure from threats.
Universities & Charities
In May 2020, various Universities & Charities across the country and overseas faced a major data breach, as Blackbaud was attacked by hackers and organisations were threatened with a ransom.
The security breach included stolen data of contact details, previous and upcoming events, and donation history, but fortunately no major bank details were revealed.
Although Blackbaud has not specified the extent of the attack, it has been confirmed that the provider did pay an unidentified amount, which law enforcement strongly advise against.
Blackbaud suffered the attack but didn’t inform the ICO or any of its customers until weeks after the incident occurred, which is frowned upon under GDPR guidelines and is likely to result in an ICO investigation and heavy fines.
On the 16th July 2020, the UK’s Labour Party was struck with a huge data breach in which important and confidential information was stolen by cybercriminals.
The political party has been put in a compromising situation, as the data of thousands of its party donors has been accessed and retrieved, details of which date back over several years.
Political opinions and votes were also compromised, which if released, could have been extremely detrimental.
It is understood that the motive behind the attack was purely to disrupt business operations rather than to steal information, but it is unknown as to whether the hackers retained any data.
Luckily, though, no payment transactions were made, and bank details remained confidential.
The multinational technology company Garmin, which specialises in products for sports, aviation, automotive and much more, was hit with a ransomware attack in July this year.
The attack affected the whole of Garmin’s internal network, as well as some of the production and manufacturing lines for its products.
Garmin released an official statement to announce the issues they were facing, as all customer service lines were out of use as a result. This impacted their call centres, emails, and online chats.
The business had no choice but to shut temporarily, as well as restrict access to their website, so that specialised IT staff could solve the problem and run a thorough investigation. This caused huge losses in sales and has ultimately resulted in a loss of trust with customers and damaged their reputation.
Ransomware Doesn’t Discriminate
With any cyber breach, including ransomware, the ICO (Information Commissioner’s Office) will be involved in investigating the cause, and it will not fail to come down hard on any organisation that fails to protect customers’ data in line with GDPR.
This hit list is just a small example of how devastating breaches can be to organisations of all sizes.
Ransomware is not completely unavoidable. However, there are certain systems, technologies and procedures you can put in place to better protect yourself from being hit and to ensure the outcome isn’t as devastating should you become one of the unlucky ones.