According to reports, the world's biggest shipbroker, Clarkson PLC, was hit by an especially malicious form of ransomware. For those unfamiliar with the term, ransomware is a form of malware that locks a network from the inside. Employees are then unable to access their devices until the organization pays a lump sum or "ransom for the ransomware's removal.
What's even more troubling is that Clarkson appears to have been hit by a hybrid' attack, which combines ransomware with a data breach. This will likely be an expensive challenge for Clarkson to overcome.
While we cannot speak to Clarkson's cybersecurity practices, we can recommend that private businesses prepare themselves for similar attacks. By investing in a cybersecurity policy from a reputable provider, companies can insulate themselves from serious financial damages. Below, CyberPolicy looks at the attack on Clarkson and recommends a few tips to safeguard your business against a data breach.
Clarkson's Bad Break-In
When it comes to cybercrime, no business is too big (or too small) to be victimized. Clarkson is a London-based company with over 50 offices in 21 countries around the world. Their duty is to raise finance and charter vessels for various shipping clients. However, this can be hard to do with a ransomware attack breathing down your neck.
The shipbroker decided against paying the ransom and instead contacted police and other local authorities to help them handle the incident. According to the company's statement, unauthorized access was "gained via a single and isolated user account which has now been disabled."
The announcement goes on to say that the person(s) responsible "may release some data. Although they refused to divulge any further information.
While we don't get much of a glimpse into Clarkson's inner workings, we do see the consequences of the company's actions. First, they appear to have made the announcement quickly and clearly. This is "a relatively rare vent in Britain according to Reuters.
Second, the company has also reached out to local authorities. This is a wise decision. Uber was dinged in 2017 for failing to disclose a customer data breach earlier in the year. Thankfully, Clarkson won't have to go through the same public relations nightmare the ride-sharing app is currently experiencing.
Then again, there is a debate going on in the cybersecurity community in regards to whether businesses should pay hacking ransoms. Proponents argue that it's the most expedient way to resolve security issues and may protect consumers as a result. Opponents say that this will only increase attacks as hackers smell an easy payday. Plus, there is no guarantee cybercriminals will keep their end of the bargain.
To avoid picking a side in this debate, companies can do more to protect themselves against malware in the first place. This means practicing basic network hygiene including: