The news that Garmin was hacked last week is a timely reminder that ransomware is a real and present danger for companies of all sizes. The American GPS and smartwatch company was the victim of an attack that has encrypted some of its systems, leaving users unable to access services for almost a week. It has been rumoured that the company has been forced to pay US$10m to retrieve its data.
Speaking on the incident, Marcus Evans, MD of London IT solutions company Nutbourne, said that companies of all sizes are at risk of being attacked and that they should remain vigilant.
“We see examples every week in the business world of where ransomware is successful, or where people get effectively targeted by phishing attacks,” Marcus says.
“Just because you’re not a big name or don’t have a lot of employees, doesn’t mean you’re any more protected or unlikely to be attacked. It’s important you put all the right systems and processes in place.
“Each organisation has its own strategies, its own ways of dealing with these things, but Garmin has been down for a while and it looks like they may have had to pay for their data.
“It would suggest to me that they haven’t potentially put all of the mitigations we would expect to see from well-organised businesses. Large organisations can end up with sprawling infrastructure over time if it’s not reviewed regularly and this leads to forgotten holes which can be exploited.”
Reports indicate that the attack on Garmin’s systems came from the malware WastedLocker – a program that deletes or obscures the target’s data – and is thought to be the work of EvilCorp, a Russian cybercrime gang that targets American companies.
EvilCorp was responsible for the WannaCry and NotPetya attacks in 2017. According to the Guardian, it is thought that WastedLocker seeded itself on Garmin servers via a hijacked newspaper website – a US publisher was unknowingly hosting the malware on its sites.
The method is a marked deviation from the usual phishing attacks that try to trick end-users into opening a malicious email attachment or downloading a file. EvilCorp is known for targeting specific organisations (banks, wealthy institutions and tech companies) with a mix of technical prowess and social engineering. It is a clear demonstration that ransomware is evolving and that more sophisticated cybersecurity solutions than ever before are now needed.
“This emphasises the threat that companies face,” Marcus adds. “If a business the size of Garmin can be hit by ransomware then how does a much smaller company with far less resource prepare themselves for something like this? How do they make sure that they don’t suffer themselves? And that’s a big question and a big problem. Fortunately, there are lots of things you can do to mitigate the risk.”
Don’t leave it to chance
Smaller companies face going out of business if their files are encrypted and they can’t retrieve their data or pay the release money. It’s a very serious threat, so don’t assume that you’ll be OK – statistically your company will be targeted at least once over a five-year period.
“You’ve got to make sure that you’re secure,” Marcus says. “Start by updating your equipment and updating your software. Older laptops and computers are particularly vulnerable, either because the software they run isn’t supported, or because they’ve been poorly maintained. Very often it’s both.
“It’s one of the simplest ways to prevent ransomware getting onto your network in the first place. And once it’s on, it can be hard to remove. But, if it does get onto your network, then it’s easier to remove if all your software and equipment is as up to date as possible.”
Educate your teams
The Garmin attack was highly sophisticated, which would have made it harder for the IT teams to identify the incoming attack early on in its lifecycle. It also seems to have been a managed attack, which would have meant some of the preventative systems were probably bypassed by the attackers directly. That said, making sure your staff know how ransomware manifests and accesses networks is a very simple but highly effective way to prevent it seeding on your systems, or to get warning early on.
“It’s important to remember that the vast majority of ransomware attacks are still through malicious links or downloads from emails – and they’re relatively easy to spot. While ransomware is evolving, raising awareness of how the basic versions attack organisations is a very effective method of prevention. As a firm constantly looking to protect against ransomware, we’re always touting the motto that prevention is better than cure.
“If you don’t know how to educate your teams or where to start, then invest in some outside expertise. Many IT solutions companies – ours included – will deliver education workshops and issue company guides for enterprises of all sizes.”
Master the basics
Basic cybersecurity hygiene should be built into your company’s IT strategy. If it isn’t, then you are leaving yourselves vulnerable. “Patch your servers, invest in good quality spam filters and virus solutions,” says Marcus. “Review and refine processes, systems and procedures at least quarterly. If you don’t know how to do that, call in some expertise and have some audits carried out. The cost of doing so is far less than the cost of a breach – and it will keep you safe in the long-term.
“I would also ensure that every member of the team is adhering to cybersecurity policy, i.e. using two-factor authentication for their laptops, emails and software accounts. Any data that is taken off site should be encrypted. In the event those items are lost or fall into the wrong hands you are more likely to be protected from a data breach. It also goes a long way to preventing ransomware accessing networks and spreading once inside the network. These measures are an absolute minimum.”
Back up your data
You should be doing this regularly as a matter of good IT practice. It’s no longer enough to just back up some of your data or to back it up onsite in a single location. Cloud backups have become significantly cheaper in recent years, and the better your backup, the faster your recovery.
“Store your data in different places too,” Marcus advises. “You don’t want all your eggs in one basket. Using cloud storage such as Office 365 and Dropbox spreads the risk and limits the impact of any ransomware attack. It leaves you in a workable position that isn’t all or nothing. This is as much about business continuity as it is about data protection.
“Ultimately you need to do all you can to prevent an attack from happening, but the actions you can take here will be limited by your budget. So, you need to have a foolproof, diverse backup which is regularly tested to fall back on and ensure you aren’t being held to ransom.”