IRELAND’S CYBER SECURITY teams have sent out an urgent warning to small businesses in the wake of an increased threat of ransomware attacks.
The warning comes just days after The Journal revealed that an Irish company had suffered a major attack. The firm is involved in a number of largescale infrastructure projects for the Irish Government.
The National Cyber Security Centre (NCSC) and the Garda National Cyber Crime Bureau (GNCCB) sent a joint letter to IBEC’s Small Firms Association with the warning.
In the letter the NCSC and GNCCB said they had observed “a trend of small and medium-sized businesses being increasingly targeted by ransomware groups”.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Often ransomware gangs also threaten to leak sensitive stolen data if a ransom is not paid.
In May 2021, the HSE was the victim of a devastating ransomware attack which crippled the central IT systems and had a significant impact on the delivery of health services nationwide.
The Director of the NCSC Richard Browne said that in the past these groups typically focussed on larger organisations. However they have now shifted focus to smaller entities.
“We have been dealing with the threat of ransomware for some time; however, we have seen a noticeable change in the tactics of criminal ransomware groups, whereby rather than largely focussing on Governments, critical infrastructure and big business, they are increasingly targeting smaller businesses.
“This is a trend that has been observed globally, and Ireland is no exception with several businesses becoming victims of these groups in the past number of weeks,” he said.
Richard Browne said the letter sent to IBEC by the NCSC and GNCCB has outlined guidance for small companies and how they can deal with the attack.
“Whilst we appreciate that many business owners are understandably nervous of the threat ransomware poses, there are some straightforward security measures that can be put in place to ensure that an organisations data and systems remain secure,” he added.
Ransom Payments
Detective Chief Superintendent Paul Cleary, Head of Bureau at the GNCCB, said the cyber security authorities also advised against the payment of ransoms to criminal groups saying that they do not “encourage, endorse nor condone the payment of ransoms”.
“There is no guarantee that paying a ransom will lead to your data being successfully being decrypted or prevent the data from being leaked online. In fact, it may lead to your organisation being targeted again, with some research showing that up to 80% of organisations that pay are attacked again,” he said.
Cleary advised victims to immediately contact the NCSC and An Garda Síochána who would begin work on solving the problem.
Detective Chief Superintendent Cleary added that “reporting incidents allows us to fully investigate these cyber-crimes and helps us to identify trends and methods used by attackers so we can provide cyber safety and network protection advice to the public and the corporate sector”.
The Director of Ibec’s Small Firms Association, Sven Spollen-Behrens, said: “This warning from the NCSC and GNCCB tallies with what we are hearing from our membership who are increasingly worried about the threat posed by cybercrime.
“The advice provided is very helpful and we’re eager to work with the authorities to ensure our membership are putting in place the right protections to defend against these attacks,” he said.
To embed this post, copy the code below on your site
have your say