While ransomware seems to be a threat to individual users, more information can be gathered and damage inflicted if hackers gain access to companies and utilities. Sometimes these hackers are individual actors; sometimes they are government-sponsored. In any case, there is no limit to the breadth of victims.
The UK-based National Cyber Security Centre (NCSC) issued a warning that UK industries have likely been compromised due to hacking events. The NCSC provides UK firms support and advice on how to avoid cyber security threats. Their report is focused on the energy and manufacturing sectors.
Unfortunately, many companies and utilities are informed of such vulnerabilities, they remain complacent and shrug off the problem. For example, I have seen people access utility site control websites that handle hydroelectric power generation, simply by trolling the internet and logging into a public IP address...no password necessary. Building a security minded infrastructure is key, but the threats continue.
The threats have been increasing, whether hackers are brute-force attacking companies infrastructure or simply stumble upon open vulnerabilities. The last two worldwide epidemics, WannaCry and NotPetya, were simply using vulnerabilities in almost all versions of Windows to gain access to a local network, spread internally, and and then the malware installed adds the infected machine to its army of drones looking for external IPs to gain access to local networks. The NHS in the UK and FedEx’s Europe, Middle East and Africa (EMEA), and Asian infrastructure were impacted as well as a spate of other big name companies, both public and private.
What can companies do to protect themselves? First, you must have a backup solution. If you don’t, you will lose data. Period. It may not be now, it may not be tomorrow, but it will happen. Additionally, it is essential to educate your employees and customers on how to reduce threats because EVERYONE should be a part of the solution. Last, deploy anti-virus and anti-malware software, intrusion detection and prevention tools, and be certain that other applications are patched and up to date. Depending on your business needs, you may consider managed networking services as well.
Get a backup solution that is worth your time and find out more ways to reduce vulnerabilities.