Picture this dreaded scene: you wake up one day, turn on your computer and you see a pop-up message. All of your data has been encrypted. You can’t access any of your work or personal files, your messages, and so on. Your machine has been rendered essentially useless, unless and until you send funds via a highly complex route to an untraceable account of a mystery person – someone who is holding you and your life to ransom.
This was the scenario facing Travelex, a major foreign exchange and currency provider, as it dealt with the impact of an ongoing ransomware attack which first struck on New Year’s Eve. Many of us who are frequent travellers have probably used Travelex services and know that the company has many outlets distributed across several countries, about 1,000 outlets in 26 countries to be precise. Currently those stores are trying to get back to normalcy, with staff previously having to resort to paper-based processes in an attempt to serve customers.
The company’s online currency services also went down, and partners including HSBC, Barclays and First Direct – which rely on Travelex to provide foreign currency options to their customers – are unable to offer this service.
The threat in question is a particularly sophisticated strain, the Sodinokibi Windows ransomware.
Reports state that this ransomware is available for purchase online, ready to be deployed by cybercriminals targeting large businesses in the hope of a significant ransom payout.
Whether or not these particular cybercriminals were successful in achieving the $6m they demanded from Travelex is unclear. But the devastating effects of this attack reinforce the significant risks posed by increasingly powerful malware and ransomware today. So how can businesses protect themselves to avoid becoming the next major victim?
Stay clean and stay updated
While it sounds obvious, it’s so often overlooked because it can be operationally hard: critical updates and patches (often issued as a direct response to emerging threats) are no good if they aren’t implemented in a prioritised manner. In our experience this is more than just a workload issue attributable to over-stretched IT and security teams. Often there are cultural and organisational issues in play whereby teams are kept waiting for sign-off to implement new patches. A CFO, for example, might fear a patch causing downtime around key financial reporting periods such as month or year end. Delaying the implementation of patches can leave firms extremely vulnerable to new threats and should be avoided at all costs.
Be proactive through vigilance
Buying a security solution (or suite of solutions) doesn’t mean it’s “job done” for the year. Companies must maintain a proactive mindset. The threat landscape is constantly changing and simply deploying security tools and hoping for the best while new threats emerge is not a strategy.
The “incident response” mindset is becoming outdated; instead, companies must adopt “continuous response” thinking.
This means deploying both detection and predictive tools, along with red-teaming services, to gain a complete overview of your defences and to address any weaknesses as soon as they are uncovered.
Companies should make this switch as part of their ongoing digital transformation efforts.
You’re not alone
Due to the scale of the security challenge facing businesses today, more and more organisations are turning to managed security services providers (MSSPs). MSSPs can work with companies to develop preventative security strategies based on the risk profile of the company, to reduce the chances of the organisation falling victim to an attack, for example by providing constant proactive monitoring and threat hunting.
If the worst happens, MSSPs also support businesses with emergency response to help mitigate threats, including services like emergency help desks and proactive patching of antivirus systems, servers and desktops.
This would be a hefty job for a business to tackle on its own, especially at the time of a highly stressful and evolving crisis such as the crippling ransomware attack Travelex is currently facing.
It’s hard to overstate the impact this attack is having on Travelex’s business, its partners and its customers. The cost of any such breach stretches to millions with only a few hours of impact. These types of attacks are becoming more frequent, more serious and more damaging. No business can hope to have a 100% effective security strategy in the modern era, but a strategic mix of proactive and reactive strategies and well-chosen security partners will give any organisation the best possible fighting chance of averting and repelling threats.