Ransomware affecting South West businesses

SWRCCU

Taunton Chamber of Commerce have a great working relationship with the South West Police’s Regional Cyber Crime Unit – it’s an important connection, allowing us to get news of business cyber threats, plus protection hints and tips out to our members as quickly as possible. Please see below the latest update from the SWRCCU, including up to the minute news and advice regarding Ransomware currently affecting South West businesses.

Current Threat

Ransomware affecting South West organisations
Ransomware is malicious software that locks your devices and data, and demands a payment to regain access. We are seeing various ransomware variants affecting organisations across the South West.
We’re currently investigating an incident affecting an organisation involving the ‘Sodinokibi’ strand of ransomware, which is the same variant that affected Travelex earlier this year.

Advice

> Have an effective backup procedure in place
If you’re hit by ransomware, then you can restore from your backups. Make sure that your backups aren’t connected to your internal network (or else they’re at risk of infection as well!), and generally make sure that you have a mix of offline and online backups.

In summary, check that you have backups, know what’s on them, and make sure you test them to see if they actually work!

> Educate and train staff to defend against common cyber threats
In particular, staff need to be aware of how to defend against ‘phishing’ – see the NCSC’s guide on this at https://www.ncsc.gov.uk/phishing

> Secure your devices
– Ensure that all software is frequently patched and updated.
– Install and run Antivirus software, and keep it updated!

> Use firewalls
Use firewalls and configure them correctly. If you aren’t responsible for this, ask your IT manager/provider to confirm that this has been done properly.

> If you suffer a ransomware attack, we recommend you do NOT pay the ransom
If you do pay, there’s no guarantee that you’ll receive your data back. We always encourage victims to report the crime to Action Fraud via phone (0300 123 2040) or website at https://www.actionfraud.police.uk
Action Fraud operate a 24/7 live cyber reporting line for organisations! Further details at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses

> For more information on mitigating malware and ransomware, please see the updated NCSC guidance at https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

Events

Webinar: The Internet of Things – Protecting your Devices, your Data, and your Home
Mon 4th May, 14:00-15:00

As part of the National Protect Network’s Cyber Security Webinar series, we’ll be delivering a free webinar on cyber security and Internet of Things (IoT) devices.

This free webinar is an opportunity for you to learn more from Cyber Protect officers on how to stay protected against cyber criminals. Also, a Detective Sergeant from the unit will take you through a real cyber crime investigation involving internet connected devices, and the challenges that law enforcement faced to bring an offender to justice.

Register for the webinar at https://www.eventbrite.co.uk/e/the-internet-of-things-protecting-your-devices-your-data-and-your-home-tickets-102894293602

This is just one of many sessions being delivered by the Protect network, which are going out Mondays and Thursdays. You can find the others by following the event organisers on Eventbrite at https://www.eventbrite.co.uk/o/national-policing-protect-network-30099872466

Podcast: Cyber Security during COVID-19

Last week Oxford Innovation Cornwall released a podcast with our very own Stephen Holton, talking about the importance of protecting your business against cyber threats during this challenging time.

Take a listen!

Apple
https://podcasts.apple.com/gb/podcast/oxford-innovation-cornwall-podcast/id1489698443#episodeGuid=Buzzsprout-3487975
Spotify
https://open.spotify.com/episode/0Q7sHM1phGLHKiWhzuPF63?si=lRQ-Tn3dTOS_NIUDvMpbHA

News

Cyber Aware campaign re-launched
Last week the NCSC relaunched the Cyber Aware campaign, which promotes secure online behaviours for UK individuals and businesses. The new campaign is stocked full of useful resources and advice, take a look at https://www.ncsc.gov.uk/cyberaware/home

Suspicious Email Reporting Service (SERS)
Spotted something suspicious in your inbox? You can now forward phishing emails to the NCSC’s new Suspicious Email Reporting Service, helping to protect the UK from email scams!

Read more about how the service is automating the takedown of malicious infrastructure at https://www.ncsc.gov.uk/information/report-suspicious-emails

Shade Ransomware (Troldesh) ransomware shuts down and releases decryption keys
The Shade ransomware gang have published more than 750,000 decryption keys on GitHub. Find out more at https://www.zdnet.com/article/shade-troldesh-ransomware-shuts-down-and-releases-all-decryption-keys/

Useful Links

No More Ransom
The No More Ransom project is an initiative between law enforcement and the private sector with the goal of helping victims of ransomware retrieve their encrypted data without having to pay criminals. Find out more at https://www.nomoreransom.org

Cookie	Duration	Description
_ga	2 years	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat	Session	Used by Google Analytics to throttle request rate
_gid	Session	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
collect	Session	Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.
r/collect	Session	This cookie is used to send data to Google Analytics about the visitor's device and behavior. It tracks the visitor across devices and marketing channels.