Ransomware is a form of malicious software that threatens to publish a victim’s data or block access to it unless a ransom is paid to recover it.
Who are the victims?
Anyone can be a victim.
- Government agencies
- Academic institutions
- Law enforcement agencies
How does it work?
Attackers can spread the malicious software through email attachments, infected external storage devices and websites that have been compromised.
Unlike most cyberattacks the victim is notified and is supplied with instructions on how to recover their data.
Attackers develop ransom cryptware to encrypt files using a private key that only the they have access to. Victims are then told if they do not pay a sum of money by a certain time the key required to access their data will be destroyed. Typical ransoms are around £300 but varies.
Victims may also be tricked into thinking they are part of an enquiry, such as Microsoft or a Police force, and are informed that they have illegal content on their computer and need to pay a fine.
Other forms of ransomware attacks include attackers encrypting files on a computer and trying to sell software, such as fake antivirus, that promises to help victims unlock their data and prevent future attacks.
Attackers may also lock a computer and deny a victim access to their data until the ransom is paid or they may threaten to expose data to the general public.
Bitcoin is the most popular forms of ransom payment as it prevents the attacker being tracked. Although they can be identified once they retrieve the money.
If I pay, will I get my data back?
We recommend that you never pay the ransom. You will be funding criminals and you are never guaranteed that your data could be recovered. If you do pay, how do you know that you have locked them out of your computer and that they could never return. They may have installed malware that always gives them access to your computer.
The Security Bureau are aware of businesses that have paid and were not able to recover their data.
How can you defend yourself?
Unfortunately, ransomware is nearly impossible to stop. However, there are some steps you can take:
- Keep a backup of files
- Keep your antivirus software updated
- Ensure operating systems are updated
- Don’t open suspicious attachments
- Train staff in security awareness
The Security Bureau offer security training so you can stay up to date with threats and help protect your business. Contact us to see how we can help.
Marios Kyriacou of The Security Bureau gave a Radio 1 interview on the Wannacry ransomware attack that was famed for affecting the NHS. Here he describes how to protect yourself.