Article
What is ransomware and how does it work?
9/5/2022
min read
Security
This article was originally published on our Norwegian blog.
In recent months alone, we’ve seen several examples of threat actors demanding ransom as payment to return companies’ data. This means that you must prevent it, but still be prepared for digital attacks. What’s your plan on the day your company is affected?
First of all, what is ransomware?
Ransomware is a malicious virus that paralyses digital systems by encrypting files. The threat actor then demands a ransom to unlock the encryption. Either that, or they retrieve the data before encrypting it, before demanding money for not selling or leaking the data. Often there’s sensitive business or personal information.
Are you familiar with other threats and vulnerabilities?What are the chances of being attacked?
The Norwegian Cyber Security Centre (NCSC) says they’ve been aware of dozens of incidents in recent years — but the actual figures are probably even higher. The frequency of attacks has escalated in the last two years, and they’re carried out more and more professionally.
The newspaper group Amedia, Nordic Choice Hotels and Nortura are among those affected by the ransomware virus in recent months. Cyber Security Hub reports that organisations including Puma, Hensholdt and Bridgestone have all been subject to ransomware attacks since the start of 2022.
Who’s carrying out the attacks?
In most cases, the attacks are carried out by threat actors with high digital competence, either on their own initiative or on behalf of others.
Ransomware is constantly evolving. Tools and methods are constantly changing, and there’s a widespread underground market (”ransomware as a service”) where this type of service has had a rise.
Once attacked, are you doomed to pay?
The Norwegian Cyber Security Centre (NCSC) strongly advises against paying ransom. Payment is the main driving force for the criminals to continue their attacks. In addition, paying isn’t a guarantee; many have experienced being attacked again after paying a ransom. And you have no guarantee of getting your data back.
”Paying isn’t a guarantee; many have experienced being attacked again after paying a ransom. And you have no guarantee of getting your data back.”
3 horror stories from the past year
1. Large media group
At the end of 2021, the large media group Amedia was attacked by a ransomware virus. Data was encrypted and personal information went astray. Several IT experts criticised the group, saying it was reasonable to believe that Amedia had failed in their internal routines and expertise, making them more vulnerable to threats.
2. Norwegian municipality
The computer systems of the municipality of Østre Toten were down for several months early in 2021. The clean-up cost more than 33 million NOK (approx 3,3 million euro). In addition, they were fined 4 million NOK (400.000 euro) by the Norwegian Data Protection Authority for not securing sensitive personal data well enough. The hackers behind it exposed tens of thousands of internal documents, among them social clients and asylum seekers in the municipality.
3. Food retailer
In 2021, the Coop chain in Sweden was hit by an extensive hacker attack, affecting Swedish Coop stores. The hacker group Revil claimed responsibility and demanded NOK 600 million NOK (60 million euro) to release the computer systems. Technicians had to travel to each store to restart the checkout systems manually which led to a loss in both food and sales.
How do I insure my company against ransomware?
The best way to avoid being exposed to ransomware is to be a cautious computer user. Be critical and careful about what you click on and download. Businesses should familiarise themselves with up-to-date information and see if they need to update their assessments and risk management plans. Here are five more tips for protecting yourself against attack:
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organisation is the victim of a ransomware attack.
Voice of Visma
We're sitting down with leaders and colleagues from around Visma to share their stories, industry knowledge, and valuable career lessons. With the Voice of Visma podcast, we’re bringing our people and culture closer to you. Welcome!