Ransomware



It's on the rise. It targets everyone and it can get through the most stringent IT security system.
Ransomware - Are you protected?










The first stage in protecting your company against Ransomware is to ensure that you have a suitable security solution in place. A layered system with anti-virus, firewalls, anti-malware, content filtering and web filtering is recommended, as is staying on top of patch updates and user permissions. To complement these standard IT security practices, industry leading security experts Sophos have recently launched Intercept X – a new solution which specifically protects against Ransomware. CryptoGuard Technology, contained within Intercept X, works by detecting spontaneous, malicious data encryption. Once detected, CryptoGuard stops the encryption in its tracks, before reverting your files back to their previous state.

vSTAX® Secure from Stack Group provides a comprehensive suite of security solutions – including Intercept X – in one easy to manage package. Delivered either as a fully managed service (Security as a Service) or hosted at your site, vSTAX® Secure is an ideal solution for small and mid-sized organisations. Prior to implementation, Stack Group can carry out a basic security audit free of charge.

For more information about vSTAX® Secure, please contact us or call 0151 521 2202
Unfortunately, no-matter how good your security solution is, preventing ransomware is not always possible. However, mitigating the impact is - which is why the second phase of protecting your business is through backup. By ensuring you have frequent backup of your critical data, should your files and folders be encrypted with ransomware, you can quickly recover your data so that you can continue with business as usual.

vSTAX® Protect from Stack Group uses best of breed cloud technologies to deliver fast, efficient and secure offsite backup. Should your data become compromised through Ransomware, vSTAX® Protect will ensure that your data is recovered and restored within a guaranteed SLA. Delivered as a service based solution, with a PAYG pricing model starting at £10.99/month, vSTAX® Protect is a specialised solution for SMEs.

For more information please contact us or call 0151 521 2202
The final layer of protection in the battle against Ransomware is full system recovery. If ransomware hits at the server level, all systems and applications will be compromised. In this case, simple data backup will not be enough to recover from the attack, therefore a full Disaster Recovery (DR) solution is required in order to recover all of your critical systems within the space of a few minutes.

vSTAX® Recover from Stack Group provides a full DR solution which allows you to fully restore entire applications and databases as well as individual files and folders. By implementing vSTAX® Recover at your organisation you can maintain business as usual and remain fully compliant both during and after a crisis.

For more information about vSTAX® Recover please contact us or call 0151 521 2202
  The Rise and Rise of Ransomware

Ransomware is the #1 malware attack affecting organisations today. These malicious pieces of software are used by cyber-criminals to access and encrypt your computer files, rendering them inaccessible. A ransom is then demanded in exchange for the decryption of your files.

This year alone there has been a huge increase in UK businesses being targeted. In 2016, Malware Bytes, in association with Osterman Research, conducted a “State of Ransomware” report which found that 54% of UK companies have been hit by ransomware attacks, and that on average 37% of organisations pay up. Another alarming trend is the increase in the number of SME businesses being hit. Small and medium sized organisations have become a primary target for ransomware criminals because they usually lack sophisticated computer defences, making them vulnerable to attack. However, just like large enterprises, they rely on their critical business data, meaning that they are extremely likely to pay the ransom.

Another emerging trend is to target the launch of an attack on both endpoints within an enterprise network and at server level. This means that not only can ransomware prevent you from accessing individual files and folders, it can also disable your entire systems environment, preventing you from using applications and software.

With the costs of launching attacks becoming cheaper, and the ransoms being paid increasing, cyber-criminals are making a lucrative profit from this type of attack. This means that for companies in the UK right now, it is not a case of if you will get hit – but when.

 How Does Ransomware Attack?

Ransomware is predominately launched via malicious emails or compromised websites. Often, emails are sent out which lure recipients into opening an attachment containing malware. Alternatively, users may be persuaded into visiting infected websites which then execute a ransomware program. Finally, newer variants have reportedly been spread via removable USB drives and other Internet of Things (IoT) devices.

One questions which SME’s frequently ask is “We already have an IT security in place, so why would a ransomware attack get through?” The answer to this is that ransomware attackers are very effective at breaching and surpassing IT security systems. One way in which they do this is by using “Zero-Day Malware”, meaning that the Trojan hidden within an email or website has not been identified before, therefore security software does not recognise it as a threat. Attackers also exploit vulnerabilities in security systems. This often happens at small and medium sized organisations as they lack the security staffing and expertise required to keep patches and software up to date. Finally, it is increasingly being seen that unsecured devices such as mobiles or USB drives, which exist outside of an organisations security system, are used as an access point for transferring ransomware on to a system when connected to the network by an unsuspecting user.

However, one thing is for certain – whatever technique is used, ransomware is extremely effective at breaching complex IT security systems, implying once again, that it is not a case of will a ransomware attack get through - but when.

The Consequences of an Attack

The consequences of ransomware are severely damaging to any business. Productivity and reputation are all compromised when ransomware strikes, whilst financial losses can be extremely costly.

It is widely accepted that ransomware encrypted data is unrecoverable. This leads to a severe disruption in productivity as business critical data is lost. Without databases, emails, customer records, sales materials, invoices and financial information, many people within the organisation will not be able to carry out their job role, therefore overall business function comes to a halt. Further to this, valuable employee time may be lost when data has to be re-entered or re-typed.

When ransomware hits, it is guaranteed that your organisation will also experience a financial loss. Some organisations choose to pay the ransom, which can cost thousands of pounds – with no guarantee that data will be recovered. There will also be costs incurred during incident response, as infected computers will have to be wiped or replaced and a reactive security solution will need to be implemented. Fines and penalties may also be incurred for non-compliance if sensitive data is lost. However, by far the most costly outcome of an attack is downtime. For a small organisation of around 30 people, the cost of downtime will be around £800 per hour. With disruption from ransomware lasting anything between 1 and 5 days, downtime costs for a business of this size can be between £5,000 and £25,000. For larger companies, the costs can be even higher; a mid-sized organisation of 100 people could lose between £20,000 and £100,000 in downtime, whilst a large organisation or regional hub of a multi-national could lose around £100,000 per day. To read more about the costs of downtime, please take a look at our recent blog article “The potential costs of company downtime.

Finally, ransomware attack can also be costly in terms of company reputation. Customer and stakeholder confidence is often lost when sensitive data is in the hands of cyber criminals. Reputation may also be damaged through loss of accreditation – data breaches will mean that you are no longer compliant with industry regulators which in some cases will result in removal of accredited status. Added to this, with the 2017 introduction of new European Data Regulations, companies will be under increased pressure to prove that copies of customer data have not been taken.

It is important to understand that when ransomware strikes, your company will experience financial loss, reduction in productivity and damage to its reputation, which is why mitigating these costs is so important.


For more information about Ransomware download our Data Sheet or Contact Us.