What is ransomware?

Recently there has been a huge increase in the number of organisations which have suffered a ransomware attack.

It is malware which encrypts all files on your computer and any network drives it can access, so that these files cannot be used: this may well be all of your data. A message is displayed on your screen saying that if you pay a ‘ransom’ (normally a specified number of bitcoins, so that payments cannot be traced) you will receive the key to decrypt and release your data.

Who is hit by ransomware?

Anybody! Recently I have worked with several law firms which have suffered an attack. Other well-publicised examples include Lincolnshire Council, where all appointments had to be made on paper for a week and a large hospital in Hollywood which negotiated the ransom down from $3.4M to $17,000.

What should you do if you get hit?

There are various unsatisfactory options:

  • Try to decrypt your files. Unless you have been hit by a very early version of ransomware this is unlikely to be successful even with expert support.
  • Pay the ransom. After all, it is quite common to be offered a helpline to help you do this! Why not? Well … you are dealing with criminals. How sure are you that you will get anything in return for your money? It is likely that you will pay and still not be able to retrieve your data. They may simply not give you the decryption keys or they may not know how to do this. If you do retrieve your data there are still some consequences. Firstly, you have reinforced the business model so attacks will become more frequent. Secondly, you have shown yourself as a ‘soft touch’ and are likely to suffer further targeted attacks, either from the same criminals or others in their network.
  • The only other thing you can do is to try and re-install everything from a back-up. This is really the only viable option, but it requires a good back-up (see below).

How does a ransomware attack happen?

Most ransomware infections occur as a result of opening an infected email attachment – often a Word document.   They can also occur after clicking on a link to a compromised website. Recently there have been attacks on Macs as well as PCs.

How do you protect yourself?

Never open an unexpected email attachment. If it genuinely looks important contact the sender to check its authenticity.

Never click on an unknown link in an email. Even if a link appears genuine it may not be what it seems (can you tell the difference between an upper case ‘i’ and a lower case ‘L’?). One protection against this is to disable HTML.

The other thing you can do is to make sure you make regular back-ups. These need to cover both data and the configuration of the system. Of course, back-ups need to be recent enough for the data to be useful. It is also important to have a recent back-up and the previous one in case of corruption of the latest one. The other important thing with back-ups is to check regularly that they actually work. It is pointless to have a back-up which fails to restore data.

Don’t be a victim of this rapidly growing problem. Be careful with attachments and links, and make sure your back-up policy is effective.

For official guidance on cyber security visit the National Cyber Security Centre.

Leave a Reply