The recent cyber attack on foreign exchange provider Travelex demonstrates the growing threat of ransomware and serves as a stark warning that financial services firms need to step up their security. That’s according to a leading cyber expert.
Tim Thurlings of bluedog Security Monitoring states that the company has detected a worrying increase in the number of ransomware attacks worldwide in recent months and blames a combination of factors including the ready availability of ransomware on The Dark Web alongside the uptake of cyber insurance which effectively allows companies to cover the cost of ransom payments.
The Travelex case follows a recent ransomware attack on Maastricht University, which is believed to have paid several hundred thousand Euros to retrieve its data.
Thurlings commented: “Ransomware is now big business. Criminal gangs are blatantly targeting companies and negotiating fees. The cyber crime market has become more professional. Coders develop ransomware and sell it on The Dark Web, which covers their own tracks and allows others to take the risk. Attackers can buy advanced malware from as little as €500. It even comes with Help Desk support to ensure that victims can access bitcoins to pay the ransom demanded.”
Typically, malware enters a company’s IT network through vulnerabilities in the system or through phishing e-mails to staff. Once inside, it spreads through the system, activating only once the back-ups and many of the machines are infected. The company’s data is then encrypted and the business grinds to a halt.
“This is when the clock starts ticking,” continued Thurlings, “as now everything is costing money. Productivity is at a standstill and experts are called in to restore the network. The ransomware demand is usually well thought out and set at an amount which is lower than the cost of fixing the problem. The attackers know that businesses have to be back on their feet or possibly go bankrupt. They also know that big companies are insured against these types of attacks. With the insurance companies picking up the bill, the attackers have created a very attractive and profitable business model.”
While big companies tend to be targeted by professional crime gangs, smaller firms suffer more random attacks, but can actually be more at risk.
“Attacks on smaller firms are more like drive-by shootings,” suggested Thurlings. “The criminals may send out a million phishing e-mails knowing that a small number of people will click through. Small firms are unlikely to have the money to pay the ransom, hire experts to restore their system or have cyber insurance so there’s a bigger risk of them going out of business.”
While companies need to secure their networks and educate staff about cyber security, Thurlings believes that firms now need to take their security to the next level by using a professional 24-hour cyber security monitoring service.
“Measures such as firewalls and endpoint protection which firms have traditionally relied upon are no longer adequate as they can be breached too easily,” asserted Thurlings. “Companies need to be able to detect threats inside the network, whether that’s ransomware spreading through the system, an attacker logging into it from a remote location or a rogue employee downloading sensitive data. A cyber security monitoring service will help ensure that any problems are identified and contained as quickly as possible with minimal impact on the business.”