Dealing with Ransomware

What should businesses do when their systems are held hostage by hackers?

With more businesses digitalising and moving their operations online, they have become more susceptible to cybercrimes like phishing attacks and malware. Indeed, there were 9,430 cybercrime cases reported in 2019, up by almost 52% from the previous year, according to the Cyber Security Agency of Singapore (CSA).

One form of cyberattack is known as ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid. There were some 35 ransomware cases in 2019, a jump of over 50% from 2018. Most of the attacks were aimed at the travel and tourism, manufacturing, and logistics sectors.

It does not take much to trigger a cyberattack like ransomware – one click on a fraudulent email is enough to spread the malware through a company’s network and render its data inaccessible until the criminals responsible are paid off.

In such a situation, what should businesses do? Here are some quick tips.

Do not pay

While paying the ransom may give you back control over your systems, tech experts and law enforcement agencies around the world advise against this.

Firstly, there is no guarantee that the hackers will decrypt your files and restore your data, or that they are even able to. Furthermore, you may be setting up your business for further ransomware attacks, as you would have shown your willingness to pay the ransom. Hackers may also continue to demand higher sums, even after you have paid off the initial ransom.

Notify the authorities

Report the ransomware attack to the Singapore Computer Emergency Response Team (SingCERT), a CSA organisation that responds to cybersecurity incidents in Singapore. SingCERT was set up to facilitate the detection, resolution and prevention of cybersecurity-related incidents on the Internet.

Reporting cybersecurity incidents to SingCERT allows them to understand the scope and nature of incidents, so that they can alert and assist other individuals and organisations who may then offer their assistance and expertise.

However, do note that SingCERT’s activities focus only on providing technical assistance and facilitating communications in response to computer security incidents. If your company wants to pursue any form of investigation, such as finding out the identity of the intruder or seeking legal prosecution, it can contact the Technology Crime Investigation Branch of the Singapore Police Force, or discuss the matter with your organisation’s legal officer.

Execute your response plan

Ideally, your company should have a plan to deal with cyber incidents that focuses on quick detection and containment. According to a report by EY, this response and recovery plan should be regularly assessed and refreshed, and include all relevant stakeholders from IT, legal, compliance, human resources, operations and communications.

“Response plans should clearly define responsibilities and enable stakeholders to lead effectively in a crisis,” the report noted.

Your firm’s legal department should also be notified once an incident is discovered. Your legal counsel can advise on the necessary steps to stay compliant with any data protection and privacy regulations.

Be prepared for the next incident

Prevention is definitely better than cure when it comes to ransomware. SMEs, which are likely to have fewer resources to deal with cyberattacks, can tap on schemes to help them beef up their cyber defences.

Under the SMEs Go Digital programme, for instance, SMEs can receive funding support under the government’s Productivity Solutions Grant to cover part of the cost of pre-approved cybersecurity products and services.

SMEs will also soon be able to access free cyber health screenings to spot weaknesses in their web domains, e-mail systems and connectivity, at the upcoming Internet Cyber Hygiene Portal, which will be housed on CSA’s website.

Beyond technological solutions, companies must also educate their employees on the threat of ransomware. A global survey by Proofpoint in 2020 found that less than one-third of working adults were able to explain the term “ransomware.”

Employees should be taught how to detect suspicious emails and promptly notify the relevant parties within the company. As working from home becomes more common, remote workers must also understand that they are vulnerable to attacks through tools such as remote desktop protocols.