What is a banking trojan and how do you stop one?

banking trojan

Zeus, SpyEye, Emotet. What do those names mean to you? As much as they sound like Marvel supervillains, they’re all examples of high-profile banking trojans.

Emerging in the mid-noughties, banking trojans have morphed into one of the most dangerous SME cybersecurity threats. But what are banking trojans? And how can you protect your business from them?

What is a banking trojan?

A banking trojan is a particularly nasty form of trojan horse malware that aims to give cybercriminals access to networks and confidential information stored in online banking systems.

Banking trojans typically come in two forms:

  1. Backdoor trojans: Use backdoors in your system to circumvent security measures and gain access to your computer.
  2. Spoofers: Steal user credentials by creating a fake version of a financial institution’s login page.

How do banking trojans work?

A banking trojan works in much the same way as the mythological wooden horse from which it draws its name. A typical banking trojan looks and behaves like legitimate software until you install it. Once it’s on your device, it shows its true colours.

Cybercriminals use banking trojans to:

  • Steal banking credentials
  • Make unauthorised transactions
  • Siphon funds to the attacker’s account

Did you know that 47% of UK SMEs feel more threatened by cybercrime since the cost of living crisis began? Find out more in our latest report.

Why are banking Trojans so dangerous? 

Banking trojans are a particularly hazardous form of malware for several reasons. Firstly, they’re usually well disguised as legitimate software, which makes them difficult to detect for anyone who isn’t a cybersecurity expert.

Secondly, they cause significant damage. In a worst-case scenario, a banking trojan can give cybercriminals total access to your bank accounts, which could spell financial ruin.

How do you know when you’ve been hit? 

Although it can be challenging to spot a banking trojan, it’s not impossible. Like any malware attack, there are a few telltale signs to look out for:

  • New or unexpected forms appearing in your bank accounts
  • Poor device performance
  • Slow or broken applications
  • Missing files
  • Unexpected pop-up windows 
  • Tasks running independently
  • Spam originating from your email accounts
  • Your anti-virus or anti-malware software stops working

It’s important to note that none of these are conclusive proof that someone’s successfully hacked your system. Think of them as signs that suggest something isn’t quite right. So, if you’re in any doubt, it’s time to call the professionals.

What can you do to protect your business?

Thankfully, protecting your business against banking trojans and similar forms of malware is relatively straightforward. Beyond investing in reliable threat monitoring software, we recommend following these six simple steps.

Use multi-factor authentication 

Multi-factor authentication (MFA) is a security measure that requires you to provide two or more verification methods to sign into an application. Instead of asking for your username and password, MFA demands additional information such as:

  • A randomly generated PIN code sent by SMS
  • A piece of memorable information known only to you 
  • Your thumbprint

The idea behind MFA is simple: the more locks you have on the door, the harder it is for an intruder to break in. Think of it as adding a cyber deadbolt, a door chain lock, and some cameras to keep the bad guys out.

Train staff how to spot the signs

Human error is responsible for as much as 90% of cyber breaches, and it’s easy to see why. Few of us are cybersecurity experts, and if you aren’t aware of what a cyber threat looks like, you’re much more likely to find yourself on the receiving end.

Cybersecurity training can bridge this knowledge gap. Training helps staff recognise, understand, and mitigate the threats they face. What this training looks like depends on your business and the knowledge within it. For some, it’s a case of starting from scratch and covering the basics; for others, it’s about addressing specific weak spots.

Patch software regularly 

Patching your software is the simplest way to improve your business’s cybersecurity. Even the best software can develop vulnerabilities, suffer a breach, or become outdated. Software developers release security patches to ensure cybercriminals don’t have an easy route into their clients’ systems.

It's easy to install these patches. You can check your system for updates every few days or activate the auto-update setting on all company devices.

Use a password manager 

Many banking trojans use keyloggers – programs that record your keystrokes so cybercriminals can steal your PIN or password. Using a password manager, which doesn’t require you to type anything, instantly overcomes the threat of keyloggers.

Only download files from trusted sources

This might seem obvious, but if you’re unsure about the origin of a file or piece of software, don’t download it. Set clear rules throughout your business to ensure people only download software from trusted sources, such as Microsoft, Google, or Apple stores. This helps to minimise your exposure to compromised software and malware.

Use all the security features offered by your bank

Banks offer a range of security features. Use them! If your bank provides MFA for sign-in (virtually all of them do), use it. Many business-oriented banks also have app stores full of free or low-cost cybersecurity features. Use them, too. These little extras are often the difference between cyber safety and falling victim to a banking trojan.

Banking trojan examples to watch out for

Zeus

Active since 2007, cybercriminals use Zeus to target Microsoft Windows and steal financial data. It quickly became one of the most successful pieces of malicious software in its class, affecting millions of systems worldwide and giving rise to a host of similar threats. After a brief lull in 2010, when the creator reportedly retired, we’ve seen an uptick in Zeus variants since the source code went public. 

SpyEye

Once touted as the successor to Zeus, SpyEye established itself as one of the most dangerous banking trojans in the early 2010s. SpyEye enabled its creators to steal sensitive information from its victims’ bank accounts, including account credentials, credit card information, and PIN numbers. Its Russian creator was sentenced to nine-and-a-half years in prison in 2016.

Emotet

Emotet is a banking trojan that spreads primarily through email. These emails often use familiar branding and convincing wording to trick the victim into clicking on a malicious link. Emotet has gone through a few iterations since emerging in 2014, in an attempt to circumvent modern detection methods.

Don’t suffer the same fate as Troy

Understanding the threat banking trojans pose and adopting appropriate countermeasures are integral to safeguarding your financial information in today’s digital landscape.

Simple, inexpensive malware prevention tips – like updating your software regularly, using a password manager, and educating staff – help protect your business against banking trojans and other malware strains, too.

Want to know more about the threats facing small businesses? Check out our new research report on SMEs and the cost of living crisis.

SME cost of living crisis

What is fileless malware and how can you safeguard your systems?

fileless malware

The most elusive of all malware; fileless malware is a threat you can’t afford to let slip off your radar. It accounts for 40% of global malware, according to research from Arctic Wolf Labs. And attacks increased by an eye-watering 1,400% between 2022 and 2023. 

The next time you’re assessing cybersecurity priorities, keep protecting your business from these furtive attacks front of mind. 

What is fileless malware?

Fileless malware is malicious code that’s written to your RAM or legitimate system tools rather than your disk (SSD or hard drive). Essentially, it uses your system’s software, applications, or protocols to launch an attack. Technically, it’s not actually fileless, but the name comes from where the code is stored and the fact it uses what already exists in the system. 

The hacker will use the malicious code to gain access to your systems, execute the code by piggybacking on legitimate script, and steal credentials, encrypt files etc. – whatever they’ve set out to do as part of the attack. 
Because code is stored in memory, it generally disappears when you reboot your system (unless the hacker uses more advanced tactics to make the malware stick around on restart). This makes the virus incredibly difficult to spot, meaning security teams and antivirus software may not notice or find out what caused the problem.

Want to know more about the threats facing small businesses like yours? Check out our latest report on SMEs and the cost of living crisis.

Some fileless malware techniques

Living off the land binaries (aka LoLBins)

LoLBins primarily refer to pre-installed Windows binary tools used for default system operations. PowerShell, a Windows scripting language, is an example of this. However, hackers can take advantage of them to launch attacks and avoid detection. 

Memory code injection

A memory code injection inserts malicious code into a computer's memory. 

Fileless malware examples

Operation Cobalt Kitty

OceanLotus Group, who also go by APT32, targeted an international company based in Asia. The long-term attack compromised more than 40 computers and multiple servers. 

They used the Windows PowerShell configuration management tool as an entry point for malicious code. It manipulated network management services so it would stay on systems rather than getting deleted on start-up.  The group managed to penetrate the organisation via spear-phishing emails to senior employees that encouraged them to click on malicious links or download weaponized documents.

Fritz Frog

Fritz Frog is a fileless and serverless peer-to-peer botnet and worm that uses brute force to access secure shell (SSH) servers.  

In January 2020, the cybercriminals behind it launched an attack that lasted for eight months, affecting 24,000 SSH servers from government, education, healthcare, and private enterprises.

Once the malware had successfully compromised a server, it would replicate and spawn threads to achieve different goals, e.g. one would use brute force to access more targets while another deployed the payload. It did this so it could run a cryptocurrency miner to process and steal cryptocurrency transactions from Monero.

Code Red 

Identified as the first-ever fileless attack, Code Red spread worldwide in 2001 and affected more than 300,000 servers.

The worm exploited a Windows vulnerability and affected users of Windows NT, Windows 2000, and Microsoft IIS web server software. It caused websites using the webserver to display incorrectly.

According to a Sophos threat researcher, Microsoft released a patch to protect against the vulnerability just a month before the attack, showcasing the importance of updating software as soon as patches are available. 

How to protect your business

Fileless malware is particularly tricky to detect because it’s written into memory or trusted, legitimate code. That means standard antivirus software doesn’t always detect a problem. And, in cases where the code is written to memory and wiped on restart, there’s no trace of the malicious code to work from. 

However, there are some steps you can take to look after your cyber hygiene and give your business the best defence against malware in general, including fileless malware. 

Patch your systems

Just like Code Red, unpatched vulnerabilities in operating systems, browsers, and software are a breeding ground for cyber threats. To counter this, install patches and security updates as soon as they’re available to give your business the best protection. 

Continuous logging and monitoring 

It’s important to stay on top of any security incidents so you have a full understanding of your IT infrastructure. It’s also important to monitor your systems for any unusual activity so you can respond to potential threats quickly and limit the damage. This can be difficult to do in-house unless you’re a very big business with lots of cybersecurity experience, but there are many options for third parties to monitor your security for 24/7 protection.

Education

To avoid threats, your people need to understand them. And the same is true for fileless malware. So, make cybersecurity training regular, bitesize, and as fun as possible. It’s not about fearmongering, it’s about arming your teams with knowledge. 

Endpoint protection

An endpoint is a device that connects to and exchanges information with a computer network. Endpoint protection includes measures such as device encryption, perimeter security on cloud storage, network access control, anti-malware, and more. 

Get Cyber Essentials certified

Cyber Essentials is a government-backed scheme with a simple framework based on five technical controls. Many of these controls include actions that overlap with our other tips in this section, so you can tick more off your to-do list in one go. 

  1. Secure configuration
  2. Malware protection
  3. Network firewalls
  4. User access controls
  5. Security update management

It’s a great starting point for businesses looking to improve their cybersecurity credentials before moving on to more complex and costly certifications like ISO 27001. And, if you're unsure which option is best for you, start by reading our free guide to certifications in the UK.

The fight against fileless malware

Hopefully, these tips help you to feel more confident about protecting your business against fileless malware. 

However, as with all threats, fileless malware is ever-evolving. One way to ensure you stay cyber confident is to keep updated with information on new threats. Our report on SMEs and the cost of living crisis tells you everything you need to know about how small businesses are tackling cybersecurity during an economic downturn. Read it here.

SME cost of living crisis

How to encourage continuous security improvement in your supply chain

continuous security improvement supply chain

Managing and monitoring cybersecurity across an entire supply chain is a challenging task. This is especially true if you're an SME. However, knowledge and prevention strategies can greatly reduce the risk of a successful supply-chain attack. And, this can be extended to the suppliers and third parties in your supply chain.

Ultimately, the best way to improve your cybersecurity is to create a cohesive, collaborative environment that helps drive continuous security improvement internally and across your supply chain. We’ll explore how to do exactly that in this blog.

Why worry about supply chain attacks?

Supply chain attacks are nothing new but, now more than ever, businesses are accelerating their efforts to prevent them. The National Cyber Security Centre (NCSC) issued new guidance following the recent rise in supply chain attacks, revealing that only one in ten businesses review the risks posed by their immediate suppliers. Similarly, 44% of organisations say they will substantially increase their year-over-year spending on supply chain cybersecurity in the coming year. 

So there's never been a better time to work with your suppliers to identify risks and ensure appropriate security measures are in place. To help you out, here are five simple steps.

5 steps to encourage continuous security improvement for supply chains

1. Understand the basics of cybersecurity

Begin by looking at your organisation. In today’s digital world, the bare minimum of cybersecurity isn’t enough. SMEs are often limited by knowledge and budget, but luckily, there are many accessible solutions to help improve your cybersecurity credentials. Government-backed schemes like Cyber Essentials require you to meet specific cybersecurity standards. By achieving accreditation, you’ll ensure you’re covering the basics. And, with this knowledge, you’re better prepared to assess your supply chain. 

Want to know more about the risks posed by supply chains? Read our guide. 

2. Conduct a risk assessment 

Your supply chain might be extensive with many moving parts and people. Equally, it could be very small. No matter the size, take the time to conduct a thorough cybersecurity risk assessment of your supply chain. This might be asking suppliers whether they have cybersecurity accreditations, such as a Cyber Essentials certification, that help them stay secure and compliant. 

Look for specific risk factors in your supply chain. For example, payment processing software might be more susceptible to skimming attacks. Does your provider have cybersecurity measures to mitigate against this?  It’s happened to even established and seemingly secure businesses, so it could happen to your providers. 

3. Define contractual agreements

If you want to ensure everyone you work with takes cybersecurity seriously, the simplest step is to write cybersecurity requirements into your contracts with third parties and suppliers. This will allow you to define your expectations for
cybersecurity and procedures for communicating and reporting incidents – making everybody safer in the process. 

4. Encourage cybersecurity training

Certifications and contractual agreements can’t totally override human error. You already know your employees should receive cybersecurity training, but do your supply chain contacts also offer it to their employees? Consider making your partners aware of platforms to enhance employees’ cybersecurity training. While this is ultimately your suppliers’ responsibility, open communication about what’s available is beneficial and shows you prioritise cybersecurity.

5. Collaborate and share intelligence

Staying up to date with the latest cybersecurity news is a great method of staying aware of potential risks. Not all SMEs will have dedicated cybersecurity professionals to hand, so following news sources or trusted cybersecurity blogs can help you keep your knowledge up to date. 

It’s wise to share your findings with partners in your supply chain. This might be through a monthly email chain, communication channel like Microsoft Teams, or within your regular meetings. Open communication is key to improving collaboration with your supply chain and demonstrates a desire for a unified effort towards increased cybersecurity. 

Conclusion

The importance of supply chain cybersecurity can’t be understated in today’s landscape. Ian McCormack, Deputy Director for Government Cyber Resilience at the National Cyber Security Centre emphasises this in a recent statement;

“Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers. With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.”

Luckily, the road to improved and continuous supply chain security isn’t complex. By taking simple measures, such as a cybersecurity certification and collaborating closely with suppliers, your business will become more secure.

Supply chain CTA 2

5 tips to improve your cloud security

Cloud computing is everywhere. You probably don’t think about it all that much, but most of the platforms and software you use will be hosted in the cloud. However, while cloud-based platforms are generally the safest around, there are extra steps you can take to protect your business. Here are our top 5 tips for improving your cloud security.

1. Use Multi-factor authentication 

Multi-factor authentication (MFA) is an authentication tool that requires you to provide two or more verification methods to sign into an application. Rather than just asking for a username and password, MFA adds some extras. For example,  a randomly generated pin code sent by SMS, a thumbprint, or a piece of memorable information only you know.

You’ve probably already used MFA plenty in your day-to-day life. Many applications now require it and we’re well on the way to it being a near-universal security tool.

This is happening for a very good reason. Strong passwords are important, but they aren’t infallible. A well-orchestrated brute force attack could still find a way through. In contrast, MFA is incredibly difficult for a cybercriminal to crack without access to your phone, fingerprints or deeply personal information.

Moreover, under the new Cyber Essentials requirements, MFA should always be used for accounts connecting to cloud services. 

Want to know more about the cyber threats small businesses face? Check out our guide.

2. Manage user access carefully

It’s likely you’re already doing this with some of the cloud-based software you use. After all, who pays for licences they don’t need? However, as a general rule, it’s important to give your staff access to all the resources and data necessary for their roles, and no more.

There are two key reasons for this. Firstly, it reduces the risk of someone editing or deleting important information by accident. But, more importantly, it protects you from hackers who have stolen an employee's credentials.

Practising proper segregation of user accounts limits the damage any successful breach can cause. To learn more about how to do that, check out our blog on admin users

3. Create a comprehensive off-boarding process

It’s never nice when a colleague leaves, especially if it’s not on good terms. But however staff leave, you need to make sure they no longer have access to cloud platforms, systems, data and customer information.

Of course, it’s unusual for employee off-boarding to go dramatically wrong, but that doesn’t mean you shouldn’t take precautions. Too many businesses leave the process weeks or even months after an employee has left, or forget altogether. 

This is a big security risk. By failing to cull access permissions for former employees, you’re losing control over who can access your systems and data, and potentially giving cybercriminals an easy route into your business.

To prevent the worst, you’ll need a systematic process for ensuring all access rights are revoked. This can be tricky as most employees will have access to a range of applications and platforms. So, to make it a simpler process, keep an up-to-date list of who has access to what. And, if you don’t have the bandwidth to do so in-house, there are plenty of tools available to automate the process.

4. Consider a cloud-to-cloud backup service

As we’ve mentioned, a direct breach of any cloud platform you use is unlikely (though not impossible). Nevertheless, the risk to your data from human error is high. Some 90% of all breaches start with some form of human error.

The problem is, should a cybercriminal corrupt your data or an employee delete something, most cloud platforms will only keep backups of deleted data for a specific period. This can range from days to months. So as well as checking with the provider what its policy is, it could be worth having a reserve option.

Many providers offer regular cloud-to-cloud backup services. And, it’s an option well worth considering for particularly important or sensitive data. 

5. Provide regular security training for employees

If you’ve read any of our blogs before, you’ll know we really hammer home the importance of staff training. Cloud platforms typically have very good defences, meaning the most likely way a hacker will bypass them is by stealing employees’ login credentials. This will usually happen through a social engineering attack, such as phishing.

The best way to counter this is with regular security training. That way, your people will be able to recognise potential threats and avoid them. There’s no such thing as one-size-fits-all security training. What the training looks like will depend on your staff and their knowledge gaps. 

However you do it, keep it regular, useful, and engaging. For more on how to get started, we recommend reading our blog on security training.

To find out more about the threats facing businesses, read our guide, The State of UK SME Cybersecurity. It’s full of useful insights into the risks small businesses face and what can be done to counter them. Get your copy here.

State of SME cybersecurity

What is a social engineering attack?

We all know what a classic cyberattack looks like. It usually involves hackers with high levels of technical expertise and some form of a malicious tool like ransomware or malware. 

However, cybercriminals don’t always use the latest malware and cyberattacks don’t have to be highly technologically advanced. There’s a whole other class of threats that harness the most powerful weapon of all – our brains.

These cyberattacks are known as social engineering attacks. But how do they work? And how can your business protect itself? 

What is social engineering? 

The term social engineering covers a broad range of malicious activities. What ties them together is that they all use human interactions to achieve their sinister ends. Broadly speaking, all social engineering attacks use psychological manipulation to trick us into making security mistakes or giving away sensitive information.

For more on how cybercriminals do this, we highly recommend our blog on how the internet encourages cybercrime. 

What does a social engineering attack look like? 

Now we know what a social engineering attack is, let’s look at how they work in practice. Although there are potentially endless types of social engineering attacks, there are four general categories most fit under. 

1. Phishing 

You’ve almost certainly heard of phishing attacks. They’re by far the most common form of social engineering, but that doesn’t make them less dangerous.

Most phishing attacks seek to do three things:

  • Steal personal information such as names, addresses and banking details
  • Redirect victims to malicious websites that contain phishing landing pages or malware
  • Use threats, fear or a sense of urgency to manipulate the victim into acting quickly 

A lot of phishing attacks are poorly executed and easy to ignore. We’ve all had emails claiming to be from a well-known brand, only to notice the web address or logo is subtly wrong. However, plenty of phishing attacks do succeed.

For example, in May 2021 US fuel supplier Colonial Pipeline was subject to one of the largest ransomware attacks in history, triggering a fuel crisis in the process. It’s believed the attack began with a simple email phishing scam that managed to extract an employee password. 

So, even though they might be limited and often badly done, it’s unwise to underestimate the humble phishing scam. 

2. Piggybacking 

Also known as ‘tailgating’, piggybacking involves exactly what it sounds like (although not quite literally). In this type of attack, someone without the proper authentication follows a company employee into a restricted area. 

Here’s an example of how it might work:

  1. The attacker waits outside the company’s office, posing as a delivery driver or plumber.
  2. An employee enters using their keycard or other security accreditation.
  3. The attacker asks the employee to hold the door.
  4. They do, and suddenly the attacker has access to the building.

Once in, the attacker is one step closer to accessing confidential files, stealing company property, conducting corporate espionage, or physically attacking the business’s systems.

This might sound a bit ‘low-budget spy thriller’ but the danger is very real. And SMEs, who typically have fewer physical security checks in place, are particularly at risk.

3. Pretexting

Of all the four threat types on this list, pretexting is the hardest to counter. Why? Because it relies on plausibility. A good pretexting attack will create a fabricated, but completely reasonable, scenario to try and steal information from victims. 

A pretexting attack usually works something like this. The scammer poses as a supplier and claims to need information from the target to confirm their identity. They then pilfer this data and use it to steal company property, enter business systems, or launch a secondary attack. 

To give a real-world example, between 2013 and 2015 Facebook and Google were conned out of $100 million after falling for a fake invoice scam. A Lithuanian cybercriminal called Evaldas Rimasauskas realised both organisations used the infrastructure supplier Quanta Computer.

Sensing a vulnerability, he sent a series of fake multimillion-dollar invoices from Quanta Computer over two years. These invoices even included contracts and letters, apparently signed by the tech giants’ staff. 

The cybercriminal was eventually caught and Facebook and Google recovered some of the money. However, if two of the largest and most technologically advanced companies in the world can fall for such a simple scheme, so can anyone else. 

4. Quid pro quo 

Quid pro quo attacks promise a benefit in exchange for information. This benefit is usually some sort of service. 

For example, an attacker may call random phone extensions at a company, pretending to be returning a call from a technical support enquiry. Once they find someone who really has a problem, they pretend to help them but use it as an opportunity to plant malware or access important company data. 

What can you do to protect your business?

Education, education, education 

There’s a well-worn statistic that 95% of cybersecurity breaches are down to human error. But when it comes to social engineering attacks, that figure is much closer to 100%.

The best way to counter this is through security training. Training can help your employees recognise the tactics cybercriminals typically use such as impersonating a supplier, creating a sense of urgency, or offering bogus services. 

As we’ve said before, where many social engineering attacks fail is attention to detail – there’s usually something that isn’t quite right. And you can train your people to recognise these tells. Some examples include spelling mistakes, subtly different URLs, unsolicited communications and suspicious email attachments.

Create clear cybersecurity policies

If your people don’t know which behaviours are harmful, they can’t correct them. So, you need easy-to-follow cybersecurity policies to make it clear what behaviours are expected of them. On top of this, make sure everyone can find them. After all, there’s little point in an important policy document that spends its life languishing in a corner of the shared company drive. 

For more on why cybersecurity policies are so important and how CyberSmart can help, read this

Foster a positive cybersecurity culture 

If your business does fall foul of a social engineering attack, acting quickly could be the difference between a minor inconvenience and disaster. But for this to work, your employees need to feel comfortable asking for help, raising concerns or owning up to mistakes. 

All too often, security mistakes go unchecked and breaches become so much worse than they needed to be because staff are too afraid to report them. 

Check your cybersecurity measures

Alongside training your staff, it’s also worth checking (or implementing) your technological cybersecurity measures. These include firewalls, antivirus and anti-malware, patching and access management policies.

By having these measures in place and regularly checking them, you should be able to limit the number of attacks that ever reach your staff. 

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button

What is ransomware?

Shocked female discovering a ransomware attack on her business

Of all the cybersecurity threats we cover, ransomware is by far the most high-profile. It often seems as though barely a week passes without another story in the news about the latest blue-chip victim.  

It’s not hard to see why the media devotes so much coverage to ransomware. It’s a rapidly growing threat. It usually includes a note of suspense as we all wonder whether the victim will pay the ransom. And, it’s claimed some of the biggest companies on the planet as its victims.

But beyond the media headlines, ransomware is poorly understood. How does it work? Why is it so hard to stop? And, more importantly, what can you do to protect your business? 

How does ransomware work? 

Most ransomware uses a special kind of encryption, called ‘asymmetric encryption'. That might sound complex, but it’s actually very simple. Like standard encryption, it uses a pair of keys to encrypt and decrypt a file. However, unlike standard encryption, the attacker is the only person with access to the key to decrypt the file. It’s this key that cybercriminal uses to hold the victim’s files for ransom. 

Or, to put it in simple terms, it’s a bit like leaving the office to find your car has been clamped and a ticket attached to the windscreen with a demand to pay £250 to have it freed. Unfortunately, that’s where the similarities end. While you might be able to remove a clamp with the help of a mechanic, it’s virtually impossible to decrypt an encrypted file without a key. 

And it’s for this reason that in most successful ransomware attacks the victim is forced to quietly pay up to get their files back. 

How does ransomware get in? 

Much like its cousin malware, ransomware comes in many forms and can enter your system in a variety of ways. However, the most common route is through email spam campaigns or through a carefully targeted attack – think March’s attack on Acer or the infamous attack on the NHS in 2017. 

Once it’s in, the ransomware drops off its malicious cargo and then searches for valuable files to encrypt. ‘Valuable’ files are usually things like Word documents, spreadsheets, images and databases. Ransomware can also exploit any system or network vulnerabilities you have and spread across your organisation and into your supply chain

Why is ransomware so hard to stop? 

If it poses such a huge threat, then why does ransomware continue to grow more common and payouts keep climbing? Surely someone has come up with a way to fight it? 

Unfortunately, ransomware is very tricky to counter for a few reasons.

Easy to set up

Cybercriminals no longer need to be coding wizards to launch a ransomware attack. Malware marketplaces have sprung up in the shadier corners of the internet, meaning would-be crooks can essentially order ransomware on-demand. Often all its creator will ask for in return is a share in the profits. 

Most people pay up

The success of ransomware rests on the same principle as any other type of ransom. Generally, if something is valuable to someone and they risk losing it forever, they’ll pay whatever is necessary to get it back.

Cybercriminals know this, it’s what makes ransomware such a lucrative scheme. 

It’s hard to track the perpetrators down 

Remember the old adage ‘follow the money?’ Sadly, it’s nonsense when it comes to ransomware. Most cybercrime is paid for using cryptocurrency and planned in the darkest reaches of the internet, making it very hard to track.

There are endless targets 

Wherever you are in the world, cybersecurity knowledge is low. It’s low among business leaders. It’s low among staff. And it’s low among the general public. This means potentially endless targets for cybercriminals.

As we mentioned earlier, ransomware typically enters organisations through pretty unsophisticated methods. However, ransomware doesn’t need to be sophisticated when so few of us understand what an attack looks like. 

How do you protect your business? 

We’ve painted a pretty bleak picture so far, but don’t despair. There’s plenty you can do to protect your business against ransomware. 

Training, training, training 

According to research, 95% of cybersecurity breaches begin with human error. This is especially true when it comes to ransomware, with most attacks starting through a dodgy email being opened or malicious file downloaded. 

But before we rush to condemn human failings, it’s worth asking whether your people have been trained to spot threats. After all, if your employees have no idea what a ransomware attack looks like, they’re far less likely to take the right action to protect themselves or your business. 

The best way to beat this is through training. Training can help your people better recognise and understand the threats they face. And, more importantly, learn how to counter them. 

The kind of training you need will be highly dependent on your business and the existing knowledge of your staff. But a great place to start is by reading our blog on all things cybersecurity training. 

Backup your data

As we mentioned earlier, most victims end up paying out to ransomers but there's a very simple way to avoid this. Always backup critical files and data, preferably in the cloud or on an external hard drive. That way, if you do get attacked, you can wipe your device(s) and reinstall everything from backup. 

This won’t completely remove the threat of ransomware, but it will remove the need to pay your attacker to get your files back.

Patch your software

Updating software is a hassle, we get it. There never seems to be a convenient time to reboot your device and the endless passive-aggressive reminders from your operating system can get very grating. 

However, it is important, particularly when it comes to protecting yourself against ransomware. Even the best software develops vulnerabilities over time. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem by releasing security patches.

These updates fix the ‘holes’ in your software that can be exploited by ransomware. Without them, you risk giving cybercriminals a back door into your systems and data.

But the good news is all you have to do is regularly update any software or tools you use. It shouldn’t take more than a few minutes each week and it’s by far the most effective (and simple) way to protect yourself. 

Read more about the importance of patching here.  

Stick to secure networks 

Whether it’s at your favourite local coffee spot or on the train to that important client meeting, using public Wi-Fi networks is a bad idea. Most public networks have poor or non-existent security and are the perfect place for cybercriminals to snoop on your internet usage and launch attacks. 

If you need to connect to a public network for any reason, use a Virtual Private Network (VPN). A VPN allows you to connect to business systems securely and browse the internet safely, wherever you are. For everything you need to know about VPNs, check out our blog on the subject

Put security policies in place

It’s one thing to improve staff awareness of the threats posed by ransomware, quite another to ensure everyone is following security best practices. This is where a clear, easy-to-understand cybersecurity policy can work wonders. 

A well-crafted policy will help your people understand what they should and shouldn’t do and help them make the right decisions when faced with threats like ransomware. 

Stay informed

Last, try and keep an eye on the latest ransomware threats. To be clear, we’re not suggesting you become a cybersecurity expert overnight (unless you want to). However, having even a basic knowledge of what ransomware looks like can help prevent the worst. 

Is your business working remotely or considering making the switch? Don’t do anything without reading our guide to cybersecurity in a new era of work.

Remote working CTA

Why security training is the key to improving your cybersecurity

Security training

When you think about tools for improving your organisation’s cybersecurity, it’s likely things such as anti-virus software, firewalls and encryption that immediately spring to mind. And, if it appears at all, security training is probably some way down the list.

However, security training is one of the most effective ways to protect your business against cyber threats. Here’s everything you need to know. 

Why is training so important? 

According to research from Stanford University, 88% of cyber breaches can be put down to human error. Or, in simpler terms, if your employees aren’t aware of what cyber threats look like, they’re much more likely to fall foul of them. 

The best way to beat this is through training. Training can help your people better recognise and understand the threats they face. And, more importantly, learn how to counter them. 

88% of cyber breaches can be put down to human error

What does effective security training look like? 

Firstly, there’s no such thing as one-size-fits-all security training. Well, at least not if you want it to be effective. The sort of training your business requires will depend on your staff and their knowledge gaps. 

For some businesses, this means starting with the basics. Meanwhile, in others, training addressing specific weak spots in employee knowledge will prove the best route. To read more on tailoring security training to your business, check out this excellent piece from our UX Researcher Anete.

Whichever approach you choose, remember there’s such a thing as too much information. Learning about cybersecurity (especially for the first time) can feel overwhelming. 

There is a multitude of different threats and concepts to learn. So keep it simple. Your employees don’t need to know everything or become cybersecurity experts overnight. They just need the information that’s most relevant to your industry or business. 

Training should follow the little and often approach. Little, because no one learns best by bombardment. Often, so that your people get into the habit of thinking about cybersecurity regularly. 

Think short, sharp exercises that fit into a lunch break or the time between meetings. It’s important that the training doesn’t impact staff’s core work or become a chore they quickly disengage from. 

And, finally, make it engaging. Include a mix of text, videos and interactive tasks in your training. After all, few of us learn best when the method is boring or feels like a slog.  

How do you get started? 

By this point, you’re hopefully convinced by the merits of security training. You may even have a good idea of which knowledge gaps you need to address within your business. But where do you start?  

At CyberSmart, we’ve noticed a gap in the market for engaging, jargon-free training to help build cybersecurity awareness within SMEs. So, we’ve created CyberSmart Academy. CyberSmart Academy is a simple, do-it-yourself approach to security training. And it's available to anyone who uses CyberSmart Active Protect. 

Through a series of bite-sized modules, CyberSmart Academy helps your people sharpen their knowledge of cyber threats and develop the skills needed to avoid them. Through videos, articles and interactive quizzes, your staff will quickly boost their knowledge. And, with each module designed to fit into a lunch break, it won’t impact their work or bore them to death. 

We’ve even included a little healthy competition into the process. Once training is complete, staff enter into a company-wide league table, so they can see how they perform against their peers. 

CyberSmart Academy is set to launch in just a few weeks, but if you’d like to know more get in touch, we’re happy to answer any questions.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button