Ransomware attacks dismantling businesses in the US and our reader asked if this is something that can happen in the UK and if so what precautions have the UK Yard Management Systems put in place to prevent this occurring in the future? Also what practical daily operations can UK based yards do to protect themselves?
Firstly, what is Ransomware?
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
We got in touch with Automotive Recyclers Association [ARA] to find out more about how ransomware has been attacking their member’s software systems and how they are overcoming this threat:
‘Over the course of about a week in July 2019 ARA was informed that dozens of automotive recyclers were hit with ransomware attacks. The severity of the attack, the amount of data that was encrypted and amount of payment demanded for the restoration of such data varied widely. Some ARA members experienced minimal damage to a single computer or server, while others were locked out of their inventory for days. Ultimately all impacted businesses are back up and running.
What occurred was a ransomware attack initiated through a third-party provider utilized by one of the industry’s leading inventory management system providers. The third-party software is called Bomgar and is a trusted, top tier software company utilized by many to provide technical support. The Bomgar software was used to connect with recyclers’ systems and attack the individual businesses and their inventory data as well as computer hardware.
Automotive recyclers worked with their IT departments and inventory management providers to recover their data and get back up and running. ARA members were encouraged to keep an eye on their servers and be vigilant.
ARA conducted a follow-up webinar on August 14 for members focusing on how to minimize risk, how to be prepared – including how to develop a “breach response plan”, and how to respond in case of a hack. A panel of recyclers will share their experience with ransomware during an educational session at ARA’s 76th Annual Convention in October.’
Of course, this threat is worldwide so we wanted to find out what can be done to avoid attacks of ransomware. We got in touch with some software providers for their thoughts:
We asked Dave Harcourt, IT Director at SYNETIQ for his thoughts on how to protect computer systems from ransomware:
You can help your employees by making sure all external emails are clearly marked as such, with a clear warning about the risks of clicking any link contained within.
You should also employ software to check that any link that is clicked is tested to be safe. Make sure every email is checked to be safe, by off-site email checking programs, before it gets delivered to your staff.
Finally make sure all your data is backed up every day and all backups are fully verified – that way, should the worst happen, you can at least restore your data.
There are a whole range of good practices and security suites, but never forget… The most important way to protect your business is through educated employees.”
Here’s what Paul Cunningham, Head of Operations at Hollander International had to say on the matter:
“With ransomware and malware being a very real threat to data and business continuity in recent years and having increased by 118% alone in Q1 2019, Hollander take the view that prevention, server security and best practice is key to keeping our yards running without fear of a malicious attack targeting critical data and paralysing core systems.
Whilst Hollander use on premises servers to host the Pinnacle Professional Yard Management Software, these yard-based servers run a Linux operating system which is less susceptible to these kinds of Ransomware attacks. We always look to change the standard port configurations and lock these ports down to only the IP addresses required to access the server. This ensures that only valid traffic is allowed via the Firewall and routes are restricted internally on the local area network.
We offer multiple backup solutions for our customers. Yards can have their data backed up both locally and on cloud-based repositories. These backups are checked daily by our Service and Support team to ensure that we always have a verified copy of the critical data essential to ensure that our yards can continue to trade if the unimaginable were to happen.
We hear of large corporations with vast IT infrastructures being targeted and data being either stolen or encrypted almost daily. If large organisations are vulnerable to attacks smaller companies and businesses are open to similar threats.”
Paul’s advice to the ATF industry would be:
- Don’t think you’re not susceptible to attack
- Be vigilant when dealing with emails
- Keep Malware and Virus definitions updated as well as Operating systems and applications
- Use strong passwords and rotate often
- Ensure you keep an off-site backup of your critical data
- Change your ports for RDP (3389) and SSH (22)
- Be careful with USB and removable media on your local network
Ransomware criminals can attack any sized businesses but by understanding these threats it is a good way to help keep ransomware at bay.