How ransomware can take an entire business offline

Matt Blowes February 08, 2018 Security

A company responsible for a fifth of the world's shipping freight was forced to return to pen and paper last year. Freight giant Maersk was in the midst of a devastating ransomware attack. It quickly realised there was no other option but to completely reinstall its IT environment.

The round-the-clock work took 10 days before its IT systems were fully restored. Maersk had been infected by the NotPetya ransomware variant. iTnews reported the cost to Maersk for the downtime at somewhere between US$250-$300 million.

The lessons are obvious: the threat of ransomware is real, and the consequences of not having an adequate security and disaster recovery plan can be damaging and can be permanent.

Ransomware's typical delivery method remains unsophisticated. It still relies on sending mass amounts of email and hoping that someone, somewhere will open an attachment. Ransomware makers stick to this method because it continues to work. 

A threat, but a predictable threat

Ransomware poses a significant threat to business continuity. It can cause irretrievable data loss and the number of attacks against Australian businesses is increasing. 

The recently published Malwarebytes State of Malware 2017 report revealed, "in 2017, ransomware detections increased by 90 percent for business customers". 

Despite this increased threat, Malwarebytes did warn in their report that the ransomware trend was waning toward the end of the year, largely due to even newer threats increasing in popularity.

New threat emerging

The Malwarebytes State of Malware Report also highlighted a new and growing threat: malicious cryptomining attacks.

You're probably familiar with Bitcoin, which can typically be obtained with traditional currencies or by "mining" using computing power.

A cryptomining attack is where a website, or an ad on a website, uses your computer's power to mine a cryptocurrency. It does this in the background, without warning you. A tell-tale sign of a website using you for cryptomining is if your computer suddenly slows down, runs hot and/or the fans inside your computer become loud.

At the moment, these attacks have largely occurred when users have accessed torrent or adult websites. However, given the quick pay-off for criminals using this type of attack, expect them to slip into more credible websites and advertising platforms.

As always, if you are uncertain about a website, link or attachment, feel free to contact the Sentrian Service Desk for support.  
