“My taxes are due, where’s my data?” “Sorry, I had a ransomware attack, um…”

Accountancy firms and financial institutions are prime targets for cyber criminals, and the attack of choice in ransomware together with some theft of those lovely sensitive details we trust our experts to keep secure.


And its not just the big firms, such as the recent cyber-attacks on Nixon Williams and SJD Accountancy, that are at risk. Cyber criminals are equal opportunity exploiters, with mass phishing emails increasing, any business with an online presence is in the crosshairs.

What is ransomware?

Ransomware is a type of malware which encrypts your files and then if you pay a ransom, you might get your files back.


I say you might get them back, because although UK businesses are likely to pay a ransom (82% appear to according to proofpoint!), the Sophos Stat of Ransomware 2021 report suggested that only 8% got all of their data back, with most victims getting partial recovery of their files. Nearly a third, 29%, couldn't recover more than half the encrypted data.


80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, amongst which 46% believe it to be caused by the same attackers according to a Cybereason survey!


What’s the data theft angle?

Well, you might have really good backup, so you get hit with ransomware and you shrug it off, restore from back up and all is good again. Cyber criminals recognised this and have now taking to stealing any data they can find first and then encrypting your system. This means that even if you can recover your systems, you still might pay the criminal, so they don’t leak the data they stole. And again, there is no guarantee that the criminal will not leak the data, even if it’s a couple of years later, they are criminals.


How do they get in into my system in the first place?

Phishing emails are the most common attack vector. A phishing email is where the criminal pretends to be someone else, generally someone or a company that you trust. Microsoft, Google, Zoom and Amazon are amongst the most abused brands. The emails will generally have a link to be clicked on or an attachment to be downloaded. The attachment is likely to have malware within, while the links might be directing you to download malware, or they might want to enter your log in details, say I a fake Microsoft page. Once you do, the criminals can use these details to get into your systems as you!


RiskRecon suggested that companies who have suffered a ransomware attack have poor cyber security controls in place - so maybe you should check yours?

Table showing the details of the cyber hygiene of companies falling victim to ransomware from RiskRecon
Table from The Cybersecurity Hygiene of Ransomware Victims - RiskRecon

Top tips

1. Back up your data – and keep it offline. This means you always have a copy that you can access if your network is compromised.

2. Restrict access to who can install software in your network, maintain up to date anti-virus software and other software patches

3. Protect your IT equipment – enable passwords, remote wiping etc.

4. Use strong passwords everywhere and two factor authentication where possible for important accounts

5. Make sure that you and your team know what a phishing attack is, how to spot them and how to deal with them when they do occur. The ECRC offers affordable Staff Awareness Training using local University students who are trained and mentored by senior ethical hackers.

6. Join the ECRC for free. We will give you support, guidance and access to free tools and services that can help. Did I mention, free?





The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.