If you think that these Cyber threats people talk about just won’t happen to you, then it’s time to think again as Scottish brewery Arran recently found out.
Arran brewery has since warned firms to be vigilant after it was locked out of its own computer systems after being tricked into opening an email attachment that contained a virus. (Phishing attack – Read more on common attack)
After locking all systems, the culprits demanded a ransom of bitcoins worth £9600 to restore the system. Arran declined to pay, despite losing a significant amount of data from its servers.
What is ransomware?
Ransomware uses computer viruses that lock your files and data and threaten to delete your files unless you pay a ransom.
Like many viruses, it often enters the system by exploiting vulnerabilities in software or by tricking somebody into installing it.
Would you fall victim to this?
Arran Brewery managing director Gerald Michaluk described the attack as “very devious”. “We advertise job vacancies on our website. One such job vacancy was for a credit control and finance assistant post, now filled. “Out of the blue we started getting applicants for the post from all over the country and the world. “I assumed one of my colleagues had advertised the post. However, this was not the case; the attackers had taken our website vacancy and posted it on some international jobs site.
“We were getting three of four emails a day, all with attached CVs. The virus was in amongst the genuine job seekers, and when the CV was opened it took effect.”
He added: “I hope if anyone finds themselves in a similar position they can recognise the MO of these bandits and not have the same issues we have had.”
‘To Pay or No Too Pay – That is the Question’
Gerry Grant, chief ethical hacker at the Scottish Business Resilience Centre, said ransomware remained a popular “attack vector” for criminals. He said: “It can be very difficult to verify every single email that comes in, but you should be suspicious about attachments from people you don’t know or are not expecting.
Grants advice is “People is that they should not pay any ransom because there is no guarantee that those responsible won’t ask you for more money even if you pay up. “The best course of action is to contact the police and alert them to an attack.
‘Take IT Seriously’
Ransomware attacks are becoming very sophisticated and can put many smaller businesses into a devastating position and potentially out of business.
As a business “we cannot stress enough the need for businesses to take cyber threats and crime as seriously as other threats.” Shane Hunt, Security Consultant “Companies invest heavily in securing premises with Gates, Locks, Alarms, CCTV, Manned Security to protect themselves, but often neglect cyber security.
‘This also needs a focused and layered approach to repel the different types of threats. For many businesses a stolen computer that cost £400 to replace computer is easier to fund than a £10,000 fine from the ICO because your data has been stolen”
Ch Insp Scott Tees, of Police Scotland’s cyber-crime prevention team, said: “We would advise every computer user to ensure they’re running the latest versions of security software, have their data backed up regularly to cloud services or devices not connected to their computer. “Be extremely vigilant about opening any unsolicited email and visiting websites you are not familiar with.
Arran Brewery are now working with a local IT provider to remove the virus and try to recover files.
If you would like some advice on how to secure your business, we are happy to help. You may also wish to look at Cyber Essentials that can help your business ward off up to 80% of common cyber threats.