Cybercriminals demanding payment
Beware hackers making ransom threats
The Scottish Business Resilience Centre and Police Scotland are highlighting a significant increase in so-called ‘Ransomware’ demands, where cyber criminals cause a company’s data to be locked, deleted or stolen and then hold it to ransom for a financial payment.
The SBRC says these threats can be prevented by not clicking on or opening links within messages, as these may be particularly high risk.
The threats focus on targeted attacks delivered by remote access applications such as TeamViewer (which allow people to access email and other documents outwith an office).
Ransomware comes in various forms and is principally delivered through a disguised PDF attachment in an email, by a redirection to a malicious website, or through a remote desktop application. The most recent spike in activity has been through TeamViewer.
These types of attacks or demands are often not personal and are delivered remotely by the attachment in an attempt simply to get into the machine with the lowest security.
Ransomware is sophisticated, malicious code that will monitor a device for any perceived weakness and use this to gain access to a particular network.
The code will then automatically lock files or the device itself and demand a ransom.
The authorities note a significant increase in this type of attack and say every device with an online connection can be held to ransom, with larger networks usually better protected with the latest security. However, any business can fall victim to ransomware, with some even succumbing to the online criminals’ demands.
Detective Inspector Eamonn Keane, of Police Scotland’s Specialist Crime Division, said: “The level and significance of these attacks is undeterminable. We know from our own intelligence that the UK and Scotland in particular are facing a significant increase in this level of attack with many similar digital crimes going unreported.
“What is clear is the people behind these attacks are sophisticated criminals, operating in an organised and determined fashion. They monitor and trawl the Internet, exploiting weaknesses and striking when the opportunity arises.
“We endeavour through awareness and preventative initiatives to support Scottish businesses to develop a comprehensive security strategy, repel these attacks and continue with their daily business.”
Police Scotland has issued some tips to ensure businesses do not fall victim to this sophisticated crime and, if they are unfortunate enough to become a victim, that they do not pay up.
- Do not reply to, or click on links contained in, unsolicited or spam emails from companies or individuals you do not recognize. Even emails purporting to be from colleagues can be faked so check suspicious emails for mistakes in email addresses and URLs.
- Visit only websites you know to be reputable and have a business requirement for. Ensure you have effective and updated antivirus/antispyware software and firewall running before going online. Never connect unknown devices to your computer.
- Secure your network – Ransomware scopes out networks looking for areas of weakness, infiltrating computer networks through the smallest possible holes. Ensure your business has good digital hygiene, with a multi-layered approach to internet security. Vigilance is key. Antivirus software and a firewall are not enough protection for a modern business.
- Be aware of Ransomware – Ransomware can strike at any time, anywhere and within any sector, no matter what level of business you are operating in. Never open an attachment that looks insecure, or click on links that do not appear trustworthy. Ensure your device has security features to stop access to malicious websites, that features within documents aren’t downloaded onto machines and that any devices such as USB sticks are run through security software.
- Do not give in to the criminals – It is important that, no matter what, you do not pay the criminals perpetrating this scam. If regular system backups are created and records of all license keys are kept then, at worst, a system can be rebooted.
- If a computer or device is completely locked out, seek professional advice from SBRC or another security contractor.
Detective Inspector Keane warned: “It is not enough to apply basic security packages. Businesses must ensure they have multi-layered comprehensive security policies which include intrusion detection systems, antivirus software, malware protection, secure passwords with regularly updated backups, software patches and more.
“It can often be the weakest chain in the link that allows these criminals the room to operate.”