In the first of two articles examining the subject of cyber crime, Scottish Grocer examines the case of N&S Motors Ltd Jet Garage in Lenzie, illustrating how suddenly an attack can happen – and the serious consequences it can have for the business.
IT security breaches are on the rise and pose a very real threat that all business owners should be aware of.
With forecourt operators becoming more and more reliant on technology, it is important to understand how cyber-attacks, such as ‘ransomware’ attack, can take place. Ransomware is a type of malicious software (malware) that is designed to block access to computer system files and demands payment for their release.
Alan Nicholls of N&S Motors Ltd Jet Garage in Lenzie, knows only too well the impact a cyber-attack can have on a business. Alan was recently the victim of a ransomware attack when his computer system was infected at the time of replacing his EPOS equipment.
“When we arrived to open the store on a Monday morning, our entire computer system was frozen and we couldn’t access any of our files,” he said.
“We’ve recently changed our symbol partner and that weekend we’d had a company in to work on getting our new symbol group’s system to talk to our pump supplier’s system. Somehow during this process, our on-site virus protection software was disabled. With no protection in place, we were hacked by ransomware, which encrypted all our back office files.
“I called in an IT support company who discovered a message with a ransom for two bitcoins – a digital currency – to be paid through the dark net. By paying this ransom we would receive an encryption key, giving us access to all our files again. Fortunately I was able to find a local IT security firm to unlock the encryption rather than pay the ransom, but it still cost me £4,500 to get everything back up and running.”
Bitcoins, also known as crypto-currency, are not backed by any country’s central bank or government. They are untraceable and are traded for goods or services with vendors who accept bitcoins as payment.
Alan said: “I’d heard about cyber-attacks, but never for a minute imagined that it would happen to us. Our systems were down for a full week and we just had to muddle through. It was a huge inconvenience and, with no computers working, we had to go back to writing everything down by hand.
“I’ve found out the hard way how important it is to ensure you have an adequate computer protection system in place. I did speak to my insurance company to see if I was covered, but I wasn’t. It is something you can insure against, but with attacks becoming increasingly common, there are lots of restrictions on the cover.”
Most ransomware enters systems via e-mail or is unintentionally downloaded from websites where a security flaw has been exploited.
Simple steps to protect your store:
1. Keep software up to date – among other things software updates close security gaps.
2. Ensure your anti-virus is kept up to date.
3. Use a web filter as they can screen out known malware.
4. Where possible, prevent any removable media such as CDs and USB sticks from auto running. This enables the user to scan the files held on the media device before introducing it to the system.
5. Finally, keep regular backups of your files. Although this won’t prevent an attack, having a backup is your only effective defence against malware once infected.
However, systems can also be infected via most networked equipment such as POS, USB sticks & CDs. Ransomware is capable of encrypting many different file types including documents, pictures, audio files and videos.