Travel, tourism, and leisure are amongst the most joined up online sectors across the globe and whilst this offers efficiency and opportunities it also opens huge numbers of vulnerabilities to cybercriminals. Whilst ransomware is far from the most common type of cyber-attack, it is one that is well suited to the high-tech travel industry which is so dependent on time critical processes. It is also one that can severely damage your operation both today and in the months that follow.

Ask yourself this question – you come into your travel agency with a busy week ahead – dozens of customers expecting their tickets for destinations all over the world. You turn on your computer and find that you are locked out of your network with no access to customers or airlines An e-mail arrives in your mailbox demanding £10000 to let you back in in. Do you pay or not? Can you trust the criminals; how do you save your business from financial and reputational ruin. This sadly is an all-too-common occurrence and experience of businesses all across the UK.

These attacks have affected businesses from all corners of the sector, from Bristol Airport in UK to the Bin Line and Goldjoy travel agencies in Hong Kong and Marriott/Starwood hotel group. On occasions these attacks do not target only data but also operating systems. In one attack the criminals infiltrated the hotel’s electronic key system locking hotel guests in their rooms and locking the hotel out of its systems thus disabling staff to issue new key cards to guests. They demanded a ransom of two Bitcoins (currently more than £50 000) and warned that the cost would double if the hotel did not comply with the demand by the end of the day.

So, what is ransomware?

Simply put this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business – sensitive financial data relating to your customers, suppliers or even your own company, commercially sensitive data relating to staff, the operating of your business or contacts with others - these could all be compromised or lost.

The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment your business will often be supported through a process which will return the data that has been encrypted / stolen. It is worthy of note that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.

The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.

Can you protect yourself from these attacks?

Ransomware is always preceded by an attack on the network itself, commonly through use of stolen credentials, a phishing e-mail or brute force attack. These attacks are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review. But the key points for protection to remember are.

1. Make your network resilient and practice good cyber hygiene – using Cyber Essentials (CE) principles. As a member of the ECRC we will guide you through the process of preparing for Cyber Essentials as part of our Little Steps Program. Once completed we will refer you to one of our partners to complete the certification process. And successful accreditation brings with it £25000 worth of Cyber Insurance.

2. Make sure Staff Awareness Training is up to date – spotting a phishing e-mail early will prevent a lot of pain further on down the line. Have a look at our affordable Staff Awareness Packages that are available – high quality and provided by highly trained undergraduate students.

3. Make sure all staff know the symptoms of an ongoing ransomware attack and respond quickly to it using a prepared incident response plan. You can download a template from our site.

4. Identify common points of failure across the network – patch vulnerabilities and restrict access from malicious sites and IP addresses – speak with you MSPs about this and don’t assume that it will be done automatically. The important thing here is to understand where your main vulnerabilities are, then deal with them first.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. Here at at the centre, we would recommend that you consider.

1. Join our community for free . You will be supported through implementing the changes you need to make to protect your organisation.

2. Consider how we can help your own supply chain and customers – it would be great if you could look at promoting the centre on our behalf. Again – contact us to find out more.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing.

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).