While most of us spent New Year’s Eve celebrating, the IT department at Travelex was grappling with a ransomware virus that was spreading through its systems.
Almost two weeks on, the currency exchange service is finally starting to restore its internal systems, having been forced to take its website offline and suspend many of its operations.
Employees have been forced to work with pen and paper, severely delaying the few processes that could still be performed, while several UK banks that work with the company have had to turn away customers who wanted to order foreign banknotes.
A Royal Bank of Scotland representative said: “We are currently unable to accept any travel money orders either online, in branch or by telephone due to issues with our travel-money supplier, Travelex.
“We apologise for any inconvenience caused.”
Lloyds and Barclays have issued similar statements, causing huge problems for people across the country who are looking to convert their pounds into foreign currency.
What is ransomware?
Ransomware is a specific type of malware that encrypts computer files, essentially locking the owner out of their systems.
The ransomware will then display a message demanding that the victim make a payment to regain access.
Criminals generally plant malware on victims’ computers by hiding it in an attachment contained within a phishing email.
Why not just pay the ransom?
Many ransomware victims feel obliged to pay up, because it’s the quickest way to get back to business.
However, experts generally urge organisations not to negotiate, because payments help fuel the cyber crime industry and there’s no guarantee that meeting the criminals’ demands will put the infected organisation in a better position.
For example, there’s the possibility that the cyber criminals will up the ransom demand if you try to negotiate, or that they won’t keep their word once you’ve paid.
There have also been cases where the ransomware has contained bugs that make it impossible to decode the data once you’ve received the decryption key.
You should also acknowledge that buying your freedom will only solve one small problem. Your IT team will still have to spend hours – if not days – restoring your systems, and you’ll still face the repercussions of massive delays.
That’s why experts say it’s better to use the money to get straight to your recovery. You’ll have the moral victory of fighting off cyber criminals – demonstrating in the process that it’s not worth targeting you again in the future – while also approaching the situation proactively.
- Lack of education is the leading cause of successful ransomware attacks
- The 5 biggest ransomware pay-outs of all time
- 7 tips for preventing ransomware attacks
Proactivity is essential when it comes to security incidents, because you’ll need to prove that you’ve considered the risks and have a response plan.
This is equally important for employees, who should feel that management has the situation under control, as it is for the ICO (Information Commissioner’s Office), which regulates GDPR (General Data Protection Regulation) compliance in the UK.
A further problem Travelex faces is that it didn’t report the incident to the ICO when it was first infected. And remember, it’s still a data breach if cyber criminals are locking you out of your systems rather than stealing sensitive data. That’s because a data breach is classed as anything that affects the confidentiality, integrity or availability of information.
Ransomware attack can also develop into ‘traditional’ data breaches if the criminals are able to access information from the locked systems. The criminal hackers in this case have claimed to have done that by siphoning off 5 GB of data from Travelex’s databases.
Preventing ransomware attacks
It’s impossible to avoid the risk of ransomware altogether, because there are so many ways that cyber criminals can target you.
However, as the majority of infections are the result of malicious attachments in phishing emails, you can eradicate your biggest threat by training employees to spot suspicious messages.
You can give them the tools they need by enrolling them on our phishing and ransomware e-learning course.
This ten-minute course introduces employees to the associated risks and describes the link between phishing and ransomware. Armed with this knowledge, your staff will be better equipped to detect suspicious emails and know how to respond.