Story image

Local SMEs are the most vulnerable to ransomware attacks: Turrito Networks

20 Jul 17

Turrito Networks, based in South Africa, believes that local SMEs are the most vulnerable to ransomware attacks.

Brian Timperely, managing director and co founder of Turrito Networks says, “Over the past year, cyber security experts and analysts have been warning businesses and individuals about the growing threat of ransomware.”

“On Friday May 12, all the doomsday predictions of crippling global cyber fraud became a rather frightening reality, as ransomware dubbed ‘WannaCry’ infected 114 000 Windows machines in just 24 hours.”

“Arguably, SMEs are currently the most vulnerable to ransomware attacks,” he adds.

“This is simply because many businesses believe that they are unlikely targets. There is a mistaken belief that banks and major multinationals are primarily the ones who have to worry about vicious cyber fraud.”

He says that ransomware is about volume - it doesn’t discriminate based on size, sectors, individuals or businesses. In short, it’s a numbers game conducted at random and on-mass.

Timperely says, “Malicious fraudsters without any hacking or deep technical ability are able to launch ransomware attacks on business and individuals.”

He believes that the encryption and technology behind ransomware attacks is readily available on the internet and dark web.

There is no question however, that the WannaCry ransomware attacks were malicious and by no means a form of ethical hack or attack.

“Worryingly, most local SMEs are taking a wait and see approach to ransomware and are consequently placing themselves at massive risk. Local SMEs need to be prepared upfront.

"Backup solutions, anti spam and antivirus as well as email compliance and archiving are essential tools to have in place.”

On a very practical level, one of the factors currently leaving many SMEs at risk is their choice of Internet providers, Timperley explains.

"Understand that there are no symptoms or warnings that come attached to ransomware. If you are attacked, your data will be held ransom until the fee is paid. No one can unlock the data once it has been encrypted. This means that preventative action is everything,” he adds

Timperely concludes, “In the past three months we had over a dozen customers hit by ransomware attacks, all of whom were able to either avoid the impact altogether (through detection tools), or instantly restore the machine or server without impact to their business. Three new companies asked for assistance to their already ransomed data.”

“Had they implemented these tools upfront with their service providers, the disasters would have been totally averted.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.