<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=111591952803728&amp;ev=PageView&amp;noscript=1">
Skip to content
Close
Contact us
Contact us
Our difference

We are on a mission to deliver innovative business transforming technology solutions that exceed our customers’ expectations.
 

Our culture

Our values guide us in everything we do and help shape our culture and customer approach. Find out more about our values and meet some of our team.
 

Our Microsoft Partnership

As a Microsoft Solutions Partner, we’ve been at the centre of the revolutionary changes that technology has brought to every aspect of life and we continue to stand by their side at the centre of tomorrow’s digital transformations.

Microsoft Solutions Partner

Our partners

We have successfully built relationships with multiple partners that prepare businesses for the future.
 

Carbon management

We understand our environmental responsibilities as a UK business and IT Managed Service Provider, and we understand how important it is for our customers to partner with responsible providers.
 

Careers

Our team is made up of a diverse group of people from all around the world, and we all have one thing in common: we’re passionate about providing our customers with outstanding solutions.

View our current vacancies
Thinking of selling your IT business?

Core is a well funded Microsoft Solutions Partner with a 30 year history of being at the heart of control in IT.

We are supported by our bankers and have funds available for strategic business acquisitions. Together with our successful acquisition track record and a commitment to making deals happen, now is the perfect time to talk to us if you are considering selling your IT business.

If you are interested in discussing a potential exit of your IT business, please complete the form on the right. All correspondence will be treated in the strictest of confidence and a mutual non-disclosure agreement will be exchanged prior to any discussions taking place.

Talk to us in confidence
Interactive Microsoft workshops

Our workshops are designed to help you realise the value of Microsoft technologies in your business, gain real value from your investment and transform the way you work.

The workshops are a collaborative and immersive experience; our experts will work with you to identify your business objectives and establish the Microsoft technologies to help you achieve them.
 

View our workshops
Request a workshop

Our range of workshops covers every aspect of the modern workplace including productivity, collaboration, identity, security and compliance and communication, with interactive and engaging sessions that bring the art of the possible to life.

Download our workshop guide

Read more about the interactive workshops we offer, and how they can benefit your business by downloading our guide.

MCI Workshop Introduction

Download our workshop introduction
Managed Services

Discover why Core is the first choice for many organisations looking to add flexibility, efficiency, and expertise to their teams.

Cloud Technology

From Microsoft’s leading platforms to bespoke cloud solutions, Core’s range of cloud technology solutions covers everything the modern workplace needs.

Professional Services

Whichever challenges you face on your digital journey, Core's professional services team has a solution to help, from IT Project Management to our innovative Smart Services.

Public Sector

Certified secure solution for the public sector, providing a reliable, flexible, secure and affordable IT solution.

Commercial Sector

Certified commercial sector solutions, covering all your commercial needs from financial and legal services, through to manufacturing.

Download our Frontline Workers white paper

Learn how technology can help to balance productivity with wellbeing for Frontline Workers.

White paper: How technology is revolutionising the health and productivity of frontline workers


Download the White Paper now
Why customers choose us

Since we were founded in 1990 and started our Microsoft journey, we have supported over 10,000 customers on their communications and collaboration projects, and with the introduction of Microsoft's cloud technology, have grown our capabilities significantly across Microsoft 365 and Azure.

What sets us apart is a talented and passionate team who truly love what they do, demonstrating boundless enthusiasm and dedication in every single project.
 

View all of our Success Stories
logo-menu-david-lloyd

"It was apparent from day one that Core had a depth of knowledge in Microsoft 365, which we simply hadn’t found anywhere else."

Read the Success Story
Greater London Authority

"Core has a lot of experience working with the public sector, which was definitely a benefit."

Read the Success Story
Angel Trains

"There’s such a good working relationship with Core, it’s like having another permanent person in our organisation."

Read the Success Story
Talbot

"We had a really good, down to earth relationship with a few of the guys, and they know what they are doing."

Read the Success Story

Read our latest blog articles

Maximising Savings on Azure with Core’s Gain-Share Offer
Read the article


Future-Proofing Your Business: The Perils of Rushing into Copilot for Microsoft 365
Read the article
AI for All: How Microsoft's Latest Update on Copilot Opens Doors for all Businesses
Read the article


Defending Against Modern Cyber Threats with Managed Services
Read the article
The Core knowledge hub

Stay up-to-date with the latest insights, trends, and discussions from Core's team of subject matter experts through our blog topics and news articles.

Blog

News
Lucy WrightAug 17, 2018 11:43:58 AM11 min read

Make your enterprise ransomware-proof

Last week saw another large-scale ransomware attack taking place with computers on a global scale. KeyPass (a variant of the STOP ransomware) started infecting PCs on 8th August 2018 and has spread to over 20 countries at the point of writing this blog.

KeyPass is a fairly typical ransomware attack; it infects a machine and uses the on-board security tools to encrypt and lock up user data. Instructions are then provided to the user to pay a $300 ransom for the files to be released.

One worrying aspect, is that forensic examination of the code shows that this ransomware attack has some new components that potentially enable control over an infected system after the user data has been encrypted; but at this point, it’s not entirely clear how this might be used or what further impact it might have for the user.

This time around, it doesn’t seem to have had the same impact at WannaCry did last year. However, this is more likely due to the composition of the ransomware itself and its delivery network rather than a sign of improved defences across the global IT estate. It’s still early days too; WannaCry was first spotted in the wild in February 2017, but it didn’t really hit the headlines until 12th May 2017, when it had reached enough machines to start infecting thousands per hour.

If we use that timeline as a guide, this means that we probably have about 30 days before KeyPass reaches epidemic proportions, so there is time to make some practical changes to your enterprise in order to protect your users and data from attack, as much as is possible.

Change your data storage policy

One standard piece of cybersecurity advice that we give to all customers, all of the time, can save you from some ransomware attacks altogether.

Don’t store any data locally on your device.

In today’s world of connected computing, there are very few occasions when you are so isolated that you could only access data stored locally on your device.

For customers using Office 365, you have a significant storage solution in OneDrive for Business that will host all of your data in a fully patched, secured and encrypted data vault, with some redundant backups. You can access this data anywhere that you have an internet connection. Using OneDrive for business, or a similar secure cloud storage solution, as your primary user data drive would be the best recommendation.

The same principal is true for solutions where data is stored in your enterprise’s private infrastructure, i.e., SharePoint on-premise, providing you have kept this up-to-date in terms of version and patching.

Don’t trust anything that is local to the device, i.e., any USB or network-attached storage solutions, as these could be potentially controlled and encrypted by the ransomware.

The current crop of ransomware attacks are really only effective on PCs, and can only encrypt data stored on the device. If there is no data stored on the device, (or if you have backups elsewhere), you have no data loss, no business impact and no reason to pay the ransom.

 

Make sure you have a good backup strategy

In addition to the above, or in place of the above, having a good backup strategy in operation is the next best step you can take to protect yourself against ransomware.

Our recommendation for all customers is to do this using a cloud-based solution such as Microsoft Azure, where we can run a storage solution encrypted using customers own keys, on a platform that is completely up-to-date with patches, with great physical and data security. Typically, we would stand up a geo-replicated data store for a customer so that we are doubling down on security and providing an additional redundancy, just in case of any evolving threat.

We would recommend this approach (radically) for customers that are both on-premise and using Office 365.

There are no current known threats that can penetrate Office 365 and interfere with the data stored in the tenancy, BUT this is the logical evolution for ransomware, as more and more customers adopt cloud-based productivity platforms.

So, under the banner of ‘future proofing’, we recommend that all customers stand up a backup solution for Office 365 as well. There are a number of great solutions on the marketplace and again, they are very low cost, much less than building your own DR or backup solution on-premise.

This way, a cyberattack may compromise one platform, but you have an up-to-date duplicate of your data in a separate platform that you can use to stand up a new platform with minimal delay.

Office 365 does some distributed data backups within the platform natively but restoring the data in the event of an incident is not quick, and there are no SLAs around either the backup or the restoration. A dedicated solution will give you those SLAs and a defined return to operations time.

Office 365 Advanced Threat Protection

For customers that are in Office 365, leveraging Advanced Threat Protection is a great way of tackling a range of cyber threats, including ransomware attacks, that are delivered over email.

Advanced Threat Protection, or ATP, uses the cumulative data that Microsoft collects in its Security Graph from the billions of data transactions it manages globally to help identify and quarantine threats. Known threats are siphoned off before they get to the user, with a notification sent to the organisations admin to advise that a cyber threat has been identified and diverted.

But ATP also has great protection for new, unknown threats. ATP includes an email attachment scanning solution which will explore anything that looks suspicious in email traffic, quarantining it and executing code in a secure detonation chamber before deciding whether it is safe to send to the user. This way it can be effective against zero-day threats as well as known issues.

Finally, ATP also includes a solution called ‘safelinks’, which completes similar pre-checks in web links to make sure you aren’t being directed to any websites that might contain threats. All hyperlinks in emails are replaced with a Microsoft-based link to a staging ground on their infrastructure, where users will be able to get the full website content from the original hyperlink if it is safe and allowable.

These features together help to provide a layer of protection to the organisation and users and in action they are very effective at shielding the majority of email-based threats.

Updates and patches

Ransomware attacks typically exploit known vulnerabilities in PC operating systems. WannaCry exploited a weakness in a protocol in older versions of Windows, which Microsoft had actually issued a patch for (for all SUPPORTED platforms), in February 2017 just after WannaCrypt had been spotted in the wild.

People that were compromised by WannaCrypt were almost exclusively either not up-to -date with patching, or using an older, unsupported version of Windows that didn’t get a patch issued to it (Windows 8 and XP predominantly).

There are two learnings to take on board here:

- Make sure that you are on a supported version of Windows, which for enterprise would currently be either Windows 7 (SP1), Windows 8.1 or Windows 10 (build 1703 or later). If you aren’t on one of these platforms, you won’t be getting any general security patches and there are likely to be a number of vulnerabilities on your devices that could be exploited by a cyber-criminal.
- Make sure that you are up-to-date with all current patches on these platforms. Microsoft launch patches for these platforms every other Tuesday, so make sure you are getting them and deploying them in a fast and consistent manner.

Security patching is a little like immunisations; they are most effective when the herd is fully immunised. Any devices in the estate that aren’t up to date with patches represent an open door into your environment and gaining access via one single compromised device could give a cyber threat actor access to everything across your estate.

Teach your users about cyber threats

One other massive step forward is to make sure you help your users understand the potential for cyber threats, how to spot them and what to do if they are infected.

This is a reality of modern life, so it makes sense to support people to protect both your organisation’s data, but also help your users protect the machines and data they use in their private lives. So many of us now use a PC for family communications, paying bills, storing photos etc., to the point where having a ransomware attack at home is likely to have a profound effect on your employees’ wellbeing.

Preparing and running some simple cyber security training courses and reminder campaigns is a great way of helping to combat potential cyber threats, although it should be noted that a lot of these attacks are getting very clever in how they present to users. Also, remember that your users are not all IT experts and are busy doing whatever role you employed them for, so they might not be 100% focussed on looking for cyber threats every minute of the day.

Giving them training is better than doing nothing, but this is the least effective way of protecting your business in this list.

The true cost of ransomware

All of the potential mitigations for ransomware have a cost associated to them, so its worth focussing on what the true cost is of a ransomware attack to your organization. In the broadest financial terms, if the cost of remediation is higher than the cost impact of the issue, it’s probably not worth remediating.

However, the cost of a ransomware attack is not limited to the ransom itself.

The ransom

$300 is the per user cost of releasing data encrypted on the device, so if you have 100 users that’s $30,000 to get your data released. If you have 1,000 users, you are looking at $300,000. These cyber threat actors are compromising millions of machines, so they are unlikely to negotiate a bulk discount.

User downtime

Probably the actual largest cost factor of ransomware is user down time. As a rough calculation, if the average user salary in your organisation is £30,000 per annum, then that equates back to an hourly cost of £14.42 per employee based on a 40-hour working week.

WannaCrypt locked thousands of users out of their data for over a week – circa £577 per employee in downtime. If you have 1,000 employees that’s over £0.5m.

Even if you pay the ransom, I am willing to bet that there is at least a 24-hour lead time before files are released. For 1,000 employees, that’s £100,000.

The risk of non release or re-ransom

Let’s not forget that the people that issue the ransomware are criminals, so there is no guarantee that they will release your files after you have paid or that they won’t re-encrypt your data again next week and ask you for more money. This doesn’t have a fixed price per se, but it does drive onto the next point…

Device remediation

Once you have had the infected device unlocked, you are going to want to remediate it to make sure you aren’t re-infected. As a minimum, this should be a complete wipe and rebuild which will probably cost you £50 in resources per machine. It would be advisable to replace the HDD and the RAM of the device just to be sure that there are no remnants of the infection left on the device, which would drive the cost up to about £150 per machine on average. For your 1,000 employee organisation, that’s £150,000.

My personal approach would be to destroy the equipment and start with a new machine just to be sure, and I know a lot of security specialists that would only support this as a way forward, where you are probably looking at £600 per machine on average.

Then, Core recommends you look at updating the operating system to a fully patched version to protect yourself from future attacks.

For a 1,000 employee company, the cost of not proactively remediating is likely to be at least £500,000 - more expensive for your business than protecting yourself in advance.

That’s without calculating the lost revenue and goodwill that your business may have suffered because of the downtime caused by the platform wide outage.

Taking proactive steps makes sense on every level.

Core can help your enterprise protect itself from ransomware attacks. We can help you upgrade your desktops to the latest version of Windows 10, migrate you into Office 365 and configure all of the right security features. We can also set up a backup and recovery solution for your data, and we can help you train your users.

If you would like to discuss how Core can help your organisation take any of these steps, please contact us and we will put you in touch with your industry specialist.
avatar

Lucy Wright

My name is Lucy and this is my author bio.