Ransomware Attacks: The Costly Consequence of Poor Cybersecurity Measures

In our increasingly digitised world, cybersecurity is something that is becoming of greater importance. Many businesses and organisations are seeing a massive increase in cyber attacks, which can lead to the leaking and subsequent misuse of sensitive data and compromised system reliability. Ransomware is one type of malware that hackers have used against many businesses and organisations in the past few years.

Ransomware can be defined as malicious software that can impact devices such as smartphones, laptops, desktops, and many other devices. After entering a system, it can encrypt data that it interacts with and then produces a ransom notification to users, demanding a form of payment. A payment would typically result in a decryption key allowing the retrieval of data. Common trends show when deadlines are missed, there is a threat of enhanced payments or even deletion of the data.?

2017 WannaCry ransomware attack

In 2017, the WannaCry ransomware attack ripped across more than 250,000 devices in over 150 countries and impacted large organisations like the UK’s National Health Service (NHS). This piece of ransomware, known as WannaCry, impacted over 150 countries and cost the UK an estimated ￡92 million. It is thought that the total global cost of this event was as high as ￡6 billion.?

This type of ransomware is often distributed through an email system and can typically promote the opening of an attachment, which then releases malware into a system. This tactic may be known to many as Phishing. Unfortunately, once your device has been impacted, your data can become encrypted without your control. You may then receive a notification associated with some form of a request to pay to regain access to the data.?

The NHS was brought to a halt on the 12th of May 2017 for days following the WannaCry ransomware attack. This impacted general practitioners (GPs) and hospitals in England and Scotland. Thousands of appointments were cancelled, emergency patients had to be relocated in some cases, and in general, there was a great deal of chaos created. Some staff had to ditch electronic forms of operation and began working with notepads and pens to uphold some form of patient care.?

This WannaCry ransomware exposed a specific vulnerability with Windows, a very popular and maintained system. Most of the devices impacted within the NHS were running an unpatched operating system and it is thought that around 80 of the 236 trusts were impacted. A further 603 primary care units and other NHS units were also impacted. In this case, no NHS ransom was paid, although service disruption itself cost an estimated ￡92M. After desperate efforts, a computer security researcher discovered a way to halt the attack.?

The dangers of ransomware attacks?

Ransomware remains the most popular choice of weapons by criminals and security experts continually promote the need to secure NHS-type organisations in the medical field. Due to the nature of their field, there is a lot of critical information held on patients which can cause disaster if unavailable, making them prime targets for malicious hackers. In fact, some experts report health data being around ten times more valuable to criminal hacker groups than banking details.

In the future, NHS staff who are leading in IT security will have the support of increased NHS funding to secure systems and data from the UK Government, a move by the government in a bid to reduce risk. Utilising specialist cyber security experts from the IT security industry with this financial support is critical. This ensures a robust, future-proofed system is in place which can be relied on and support can be provided quickly to prevent long downtimes. These experts have operated across multiple industry sectors, solving highly complex organisational security issues to form positive strategies and successful operations.?

Here at Bramfitt, with a team of over 50 specialists worldwide, we have an amazing track record of supporting organisations’ cybersecurity needs. We have facilitated the implementation of new security measures in major pharmaceutical, energy, and retail organisations. Our consultants have found major success and are dedicated to cultivating enduring partnerships with our clients. We offer valuable expertise and pragmatic recommendations to assist our clients in navigating this tricky and? constantly evolving cybersecurity environment.

To find out how you can hire the best people to get the best security for your business or organisation, reach out to us here.?