Cyber crime: ransomware attacks

Ransomware-banner

 Ransomware is malware that encrypts an individual's files so that they no longer have access to them, and subsequently demand payment for the files to be released. Usually the payment is asked to be made in an untraceable cryptocurrency form, such as Bitcoin. The most common way ransomware ends up on an individual's computers is through email spam, which individuals will click on and open.

Unfortunately, the files cannot be decrypted without a mathematical key which is only known by the cyber attacker, and the reason why many individuals tend to pay up. However, many find that despite paying the ransom, their files remain encrypted.

When looking at which countries were affected by ransomware attacks the most, the UK was found to have the highest percentage out of Europe:

  Figure 1: Cybercrime Tactics and Techniques: Ransomware Retrospective Report, Malwarebytes

Despite the NHS facing one of the worst ransomware attacks in May 2017 - the WannaCry ransomware attack - which cost the NHS £92m and caused more than 19,000 appointments to be cancelled (The Department of Health), this chart clearly highlights how organisations in the UK still need to invest more into their Cyber Security solutions to stay protected from ransomware attacks.

At Exponential-e, we help organisations that have been affected by ransomware attacks. Our Head of Cyber Consultancy, Mark Belgrove, discusses a real-life cyber attack in the video below, and shares how Exponential-ehelped mediate the situation. 

Phishing: attacks and prevention

Phishing-attacks

Phishing is the fraudulent use of electronic communications to try and obtain sensitive information, such as usernames, passwords and credit card details by posing as a legitimate institution. Phishing attacks attempt to get individuals to click on a malicious link and enter confidential information to steal their identity, funds or to be the first step in a serious cyberattack against an organisation.

Continue reading

The importance of securing your data - Part 2: Data Loss Prevention tools

The-importance-of-securing-your-data-Part-2-Data-Loss-Prevention-tools

All organisations store data, and regardless of whether it's a recipe or an algorithm, this data is an organisation's most prized asset, which is why hackers make it their target. The Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media & Sport (DCMS) found that 32% of businesses identified cyber security breaches or attacks in the last 12 months, which have cost an average of £4,180 in lost data and assets

Continue reading

The importance of securing your data - Part 1: Privacy and compliance

The-importance-of-data-loss-prevention

Cybercriminals are only getting more cunning and skilful with their cyber attacks, which is bad news for organisations when it comes to meeting privacy and compliance regulations. There can be significant legal implications for organisations if their data is not secure and regulations are not met. For instance, since the GDPR (General Data Protection Regulation) came into effect in May 2018, data protection regulators have imposed 114 million euros (approximately 97 million pound) worth of fines under the GDPR regime (GDPR Data Breach Survey 2020 by DLA Piper).

Continue reading

The future of CSOC: Threat Intelligence

The-future-of-CSOC-Threat-Intelligence

​ Organisations generate millions of system logs every day from the likes of servers, firewalls and network devices. Their ability to process, analyse and react to this information affects how they will manage any security risks and incidents. To help process this data, many organisations implement a Security Incident and Event Management (SIEM) system or outsource to a Cyber Security Operations Centre (CSOC) for their monitoring, which provides a real-time analysis of security alerts.

Continue reading

Cyber breach prevention

cyber-security-advisory

With cyber breaches growing in volume and frequency (Carbon Black reported that 88% of UK organisations suffered a breach in 2018) you can guarantee that your organisation will be targeted by cybercriminals at some point.

Continue reading