Ransomware – Kidnapping in the digital age

Ransomware attacks are on the rise, paralyzing corporations and other organizations. A representative survey reveals a need for advice among companies. But private individuals are affected as well.

Ransomware is nothing more than extortion software. A Trojan finds its way into a PC or enterprise network, becomes active and starts its „work“. All data – including sensitive business and customer information – on hard drives or servers is copied and encrypted, blocking access to it. Nothing works anymore. Only a message appears on the screen: The computer has been “hijacked” and will only be released after ransom has been paid, which usually has to be done by a specific deadline. Payment is to be made via bitcoins or in another digital currency that cannot be traced back to the recipient. And “no police!”

Immense damage

Granted – I don’t know whether “no police” is part of the ploy. But it is doesn’t really matter. The fact that one’s own data ends up in the hands of criminals shows just how dangerous such an attack is. There is always a risk that files and documents will be published unprotected and freely accessible on the Internet – even if the victim agrees to the attackers’ demands and pays. Attackers are usually based abroad and operate via encrypted networks. There is little chance of tracing an attack back to the cybercriminals. The situation is serious. Ransomware attacks on enterprises are on the rise and the damage caused by them is immense. During an attack on the Düsseldorf University Hospital in September 2020 one person even tragically died. Just recently it turned out that, according to the German Federal Office for Information Security (BSI), the attack could have been prevented. Basic protection would have been enough. Even worse: The BSI warned Düsseldorf University Hospital as early as January 2020 – eight months before the attack.

Enterprises are mostly unprotected

A survey of IT professionals conducted by Civey, a market research institute, on behalf of TÜV Rheinland shows that enterprises aren’t really prepared for such attacks. When asked whether their company was sufficiently protected against ransomware attacks, more than half of the respondents (54.5%) answered “yes” or “more or less yes”. Only less than one in three (28.9%) answered “no” or “more or less no”. But many companies might overestimate their capabilities in this regard. Adequately protecting your business against damage from a ransomware attack is a complex matter requiring a large set of coordinated measures.

say: "My company is sufficiently protected against ransomware attacks"

Safeguarding your business in five steps

Effective protection can be achieved if businesses implement a five-phase plan as part of their cybersecurity strategy. The experts at TÜV Rheinland refer to the following steps: Identify, protect, detect, respond and recover.
In the first phase, a risk analysis is carried out, followed by appropriate measures to clearly identify possible risks. This includes examining the processes and the value of all information held within a company. It might be useful to support this examination by performing penetration tests to uncover vulnerabilities in the corporate network. The next step is to implement appropriate measures for protection, for example, filtering out spam e-mails or securing individual computers – the so-called endpoints. The “endpoint response“ is used to detect and fend off an impending virus or to initiate an “incident response process“. Finally, the recover phase is about backup solutions with suitable recovery plans for emergencies.

Professional advice is useful

A key aspect of this approach is the preparation of an emergency plan that includes clear rules for crisis communication. If an attack takes place, it is crucial to inform all stakeholders, such as government authorities or business partners, promptly and appropriately.



My recommendation is:

Call in experts who advise you on topics such as risk analysis, threat management, penetration testing, endpoint protection, firewalls or incident response processes. The interaction of these solutions offers the highest level of protection. But such a technical setup should always be established by experienced experts.

Anyone can be affected

No business is too small or too insignificant to be attacked. It really can hit any company. But not just businesses and organizations, private individuals can also be the target of an attack. If you do not ensure a sufficient level of protection on your home laptop or desktop PC, you can expect a Trojan to find its way into your computer, opening the gate for the ransomware attack and locking the device. While ransom demands certainly won’t be as high as for companies, it is at least a major nuisance – especially when the photos of the family celebration suddenly appear on the Internet. Therefore, please always install all Windows updates, keep your antivirus and firewall software up to date and always use the most recent versions of your browsers. If offered by the antivirus manufacturer, install a plug-in for the browser that monitors the Internet sites visited. Plus, you really should always secure your own Wi-Fi with the highest possible level of encryption – and use a really inconvenient password to do so.

Author

Norman Hübner

Press Spokesman

Norman Hübner is a press spokesman for the topics digital Transformation and Cybersecurity at TÜV Rheinland. As a fan of space research and science fiction he is fascinated by the possibilities of digital change and the opportunity to accompany companies virtually up close on their way through digitalization. “We are still at the very beginning of the digital transformation. I find it very exciting to be able to play an active role in this phase of real change with a company as TÜV Rheinland”. In his limited free time, the father of two is a family man. In his daily work, prudence and mutual respect for the added value of his colleagues are important to him.

More Posts