Boston Spa-based Deans Computer Services (DCS) is urging businesses to be vigilant about their IT management to protect against the growing threat of cyber fraud and ransomware attacks.
In recent months the DCS has received an exceptional volume of requests for advice from companies suffering from ransomware issues, reflecting a global surge in an increasingly sophisticated type of cyber-attack which encrypts data and demands money to unlock it. Ransomware is spread through email attachments, infected programs, fake software updates, compromised websites and weak passwords. Research shows that the main targets are SMEs due to a lack of in-house expertise on cyber security and the increasing number of devices interconnected within their online systems.
DCS managing director, Patrick Clayton, said: “There are hundreds of types of ransomware malware, such as Locky, Cryptowall, Job Crypter, Tesla Crypt. Although they have different names, they have identical behaviour, the only difference being the size of the ransom. Attacks are often instigated by highly organised and sophisticated gangs who even provide telephone support to help restore files if the ransom is paid. We advise businesses not to pay – research shows that there is no guarantee that files will be decrypted even after paying the ransom, and paying up simply supports this malicious practice.”
“Most SMEs don’t have the specialist knowledge to build a reliable security system which can protect valuable data such as customer contact information, credit card data, health data and intellectual property. Some staff use their personal devices within the business and companies are more interconnected than ever with a mix of online devices that, unless patched, are vulnerable to attack. In many cases staff don’t understand the risk of installing unknown software because they haven’t been provided with adequate training or risk assessment.”
“Most ransomware doesn’t just scramble C: drives. It also scrambles any files in any directory on any mounted drive that it can access, such as removable drives that are plugged in at the time or network shares that are accessible, including servers and other people’s computers. The first precautionary step any business should take is a comprehensive system backup on a daily basis.”