In October of last year the British Library suffered a ransomware attack. As recently as last month, the library was operating without any of its web based applications and facilities; no website, no phone lines and no online services at all.
What happened to the British Library?
The British Library was the victim of a ransomware attack. In this kind of attack, a vulnerability in a system is exploited by a hacking group. This vulnerability could be anything from a poorly secured piece of hardware, like a printer without a password, or a phishing email opened using the British Library’s Wi-Fi.
Whilst it is difficult to know for sure how hackers got into the British Library’s systems, once they did have access, they were able to encrypt the files which they had access to. This effectively scrambles the contents of all the files, rendering them unreadable. Within the system was a way to ‘pay the ransom’; send the group an inordinate amount of money (usually in Bitcoin or some other cryptocurrency) and they’ll provide the password to rectify the files.
The British Library did not pay the ransom, and reportedly 490,191 files were made available for sale on the Dark Web. After a week, this data was made available for free. At time of writing, the British Library still hasn’t recovered from the attack; many of the services users depend on are still inaccessible.
All businesses are at risk of ransomware attacks
This isn’t the first debilitating ransomware attack that we’ve seen in the UK. Royal Mail and North East universities have both been targeted in recent years. Typically ransomware attacks like these completely shut down organisations; many essential services and applications become inaccessible and unusable.
However, articles solely focusing on ransomware attacks like these can give the impression that a team of hackers are working away to break into the British Library. In reality, these ransomware attacks are much more passive; millions of businesses are being targeted every day. And it is a program, not people, looking for vulnerabilities within these systems. SMEs are just as likely to fall victim to one of these attacks as larger organisations.
How can businesses protect themselves?
No matter the size of your business, it is essential that you think about cybersecurity, backup and disaster recovery. Robust cybersecurity means that your organisation is prepared and protected against phishing scams and ransomware attacks. Investing in backups for your organisation means that if the worst does happen, you can still regain access to your files, documents and programs; and a disaster recovery plan means that your business can keep operating whilst your systems are being restored.
Transcendit can help you to find the right cybersecurity, backup and disaster recovery for your business. We can also help you and your teams stay protected against phishing attacks and ransomware with U-Secure, which trains your employees against the latest cybersecurity threats, provides email phishing simulations, breach monitoring and business policy centralisation.
To get started with backup and disaster recovery, or to talk about U-Secure, give us a call on 0191 482 0444