The cyberattack on foreign exchange provider Travelex demonstrates the growing threat of ransomware and is a warning that firms need to step up their security, according to a leading cyber expert.
Tim Thurlings of says the company has detected a worrying increase in the number of ransomware attacks worldwide in recent months. He blames a combination of factors including the ready availability of ransomware on the darknet and the uptake of cyber insurance which effectively allows companies to cover the cost of ransom payments.
The Travelex case follows a recent attack on the Dutch University of Maastricht, which is believed to have paid several hundred thousand euros to retrieve its data.
Tim Thurlings says: “Ransomware is now big business. Criminal gangs are blatantly targeting companies and negotiating fees. The cybercrime market has become more professional. Coders develop ransomware and sell it on the darknet, which covers their own tracks and allows others to take the risk.
“Attackers can buy advanced malware from as little as €500 and it even comes with helpdesk support to ensure victims can access bitcoins to pay the ransom.”
Typically malware enters a company’s IT network through vulnerabilities in the system or through phishing emails to staff. Once inside, it spreads through the system, activating only once the backups and many of the machines are infected. The company’s data is then encrypted and the business grinds to a halt.
“This is when the clock starts ticking,” says Tim, “as now everything is costing money. Productivity is at a standstill and experts are called in to restore the network. Typically the ransomware demand is well thought out and is an amount which is lower than the cost of fixing the problem.
“The attackers know that businesses have to get back on their feet or go bankrupt, and that big companies are insured against these types of attacks. With the insurance companies picking up the bill, the attackers have created a very attractive and profitable business model.”
While big companies tend to be targeted by professional crime gangs, smaller firms suffer more random attacks but can be more at risk.
“Attacks on smaller firms are more like drive-by shootings,” adds Tim. “The criminals may send out a million phishing emails, knowing that a small number of people will click through. Small firms are unlikely to have the money to pay the ransom, hire experts to restore their system or have cyber insurance – so there is a bigger risk of them going out of business.”
While companies need to secure their networks and educate staff about cybersecurity, he says firms now need to take their security to the next level by using a professional 24-hour cybersecurity monitoring service.
“Measures such as firewalls and endpoint protection which firms have traditionally relied on are no longer adequate today as they can be breached all too easily,” says Tim. “Companies need to be able to detect threats inside the network – whether that is ransomware spreading through the system, an attacker logging into it from a remote location or a rogue employee downloading sensitive data.
“A cybersecurity monitoring service will help ensure that any problems are identified and contained as quickly as possible with minimal impact on the business.”