How to outsmart ransomware

Reluctantly no doubt, a decision was made in early September at the KNVB headquarters in Zeist: preventing sensitive information – such as personal data, contracts and players' salaries – from ending up on the street, outweighed "the principle of not allowing ourselves to be extorted" and the government's advice not to reward cybercrime by paying out, according to the association. And so a ransom was paid, although KNVB would not say for how much.

Ransomware is software that encrypts victims' files or systems, after which criminals demand a ransom for their release. Such a cyber attack can cause great damage. Think of losing sensitive data, shutting down business processes, paying large sums of money and violating privacy laws, not to mention the enormous reputational damage.

In recent years, the number of cyber attacks involving ransomware has risen sharply worldwide. According to a report by Cybersecurity Ventures, global damage from ransomware is expected to reach $20 billion by 2023, an increase of 57 times from 2015. In the Netherlands too, many organisations have now been affected by this cyber threat, including the University of Maastricht, the municipality Hof van Twente, several hospitals and most recently the KNVB.

LockBit gang

The football association became a victim of one of the most notorious ransomware gangs today: LockBit. This Russian hacker group is held responsible for hundreds of attacks on organisations in more than 30 countries. The gang is known for the high ransom amounts it charges their victims, often millions of euros.

LockBit uses a so-called "double extortion" tactic, where they not only encrypt files, but also threaten to leak them onto the dark web if payment is not made. According to recent research by newspaper NRC, LockBit may have ties to the Netherlands, as they use Dutch servers and domain names.

Preventing yourself from becoming a victim of ransomware

No matter where a ransomware attack comes from, it's best to make sure the chances of success are as low as possible. Because when it's too late, you face the dilemma: Do I pay a ransom, or not? If you pay, you reinforce this form of crime. Moreover, there is no guarantee that you will get your files back or that they will not be leaked later. Criminals cannot be trusted, after all. Therefore, it is of utmost importance to protect your organisation from this type of cybercrime.

Fortunately, there are several preventive measures you can take as an organisation to avoid falling prey to a ransomware attack:

• Know what you're clicking on

It's obvious and yet it often goes wrong: be careful when opening email attachments or links from unknown senders. Ransomware is often spread via phishing emails that trick you into clicking on a malicious link or downloading an infected file.

• Keep software up-to-date

Keep your software up-to-date and install security updates as soon as possible. This will prevent ransomware from exploiting vulnerabilities in your systems.

• Use antivirus software

Use reliable antivirus software and a firewall to protect your devices from malware. An antivirus program can detect and remove malicious software such as ransomware.

• Create backups

Create regular backups of important files and store them in a secure location, such as on an external hard drive or in the cloud. This will allow you to recover your files in case they are encrypted.

• Encourage security awareness

Train your employees to be cyber-aware and to recognise and report suspicious emails or messages. Make clear agreements on how to deal with ransomware attacks and who to contact in case of an emergency.

• Incident response planning

Develop and implement a well-thought-out incident response plan. This plan should detail how the organisation should act in the event of a ransomware attack. Such a plan can help minimise response time and limit damage.

• Monitor your systems

Implement comprehensive monitoring of network activity and logging to identify and track suspicious behavior. This allows early detection of an attack and a quick response.

• Have you become a victim? Report it to the police

Contact the police if you become a victim of a ransomware attack. Report it and seek advice on how to proceed. Never pay a ransom without first seeking legal advice.

Ransomware poses a serious cyber threat that can affect organisations of any size. And no single approach offers a 100% guarantee against an attack. So, it is important to be aware of this threat and continually improve your security.

A layered, proactive approach to cybersecurity is crucial to minimising the impact of a potential attack and reducing the attackers' chances of success. By following these tips, you can better arm yourself against these attacks and their harmful consequences.