What is the threat?
One of the biggest threats facing businesses and home users through 2016 and 2017 is ransomware. If ransomware takes hold of a computer or a network, the consequences can be catastrophic.
Ransomware works by encrypting all documents it finds. It starts by encrypting the user’s documents on the infected machine, then some variants start to make their way through network shares, backups and cloud-based storage. It works very fast, and by the time you realise you have been infected it is often too late.
Once the ransomware has finished encrypting all of your files, you are presented with a ransom note informing you of what has happened and demanding a ransom within a set time period in order to get your files back. Very occasionally law enforcement get hold of the decryption keys, so if you don’t intend to pay the ransom it is worth keeping your encrypted files just in case.
Should you pay the ransom?
That is up to the individual or organisation. Law enforcement agencies never advise that you pay the ransom, as you are creating a market for the crime in the first place. There is also a chance that, even after you pay the ransom, the cyber criminals still don’t give you the key to decrypt your files.
The other reason that it isn’t a good idea to pay the ransom is that if you have paid the ransom once, the cyber criminals know that you are a good target for future attacks as you are someone who pays ransom requests.
That said, whether an individual or business decides that paying the ransom is justified depends on the value to them of the information that has been encrypted.
How much is a ransom likely to be?
The cyber criminals don’t tend to make the ransom a figure that is out of the reach of the average person. If they demanded a figure of £2000, most individuals wouldn’t be able to afford it even if they wanted to. So they tend to demand a ransom of around 0.5 bitcoin, which at the time of writing is around £360. If they are targeting a business, they tend to up the demand significantly, as they know that the data tends to be more valuable to a business, that being without it could cost them their business, and that businesses tend to have more money available.
Bitcoin is a digital currency that is encrypted and untraceable. The cyber criminals provide very detailed instructions on how to send them money in bitcoin and some now even provide a manned help desk to provide you with help paying the ransom. Once you have converted GBP into bitcoin and sent it to the cyber criminals it is untraceable.
How do we get infected with Ransomware?
There are lots of ways that people get ransomware on their machines. These can include inserting a pen drive that has been inadvertently infected from another computer. It could also be a pen drive that has been intentionally infected with ransomware, which someone has found and inserted while trying to find its owner or out of curiosity about its contents. Another way is visiting a website that has been infected with ransomware; this could be a legitimate website that you visit regularly that has recently been compromised. But by far the most common way for a computer to get ransomware is via a phishing email attack.
Please see our other blog article here on phishing scams and how to avoid them for more information.
What to do in case of infection
If your computer becomes infected with ransomware, you need to consider your options. Do you have a backup of your data stored away from your computer? If so, your computer can be wiped, the software re-installed and your data restored. If you have a cloud-based backup of your data, make sure you remove internet access from your computer immediately. Ransomware will try to encrypt your backups so that you don’t have a method of recovery.
If you don’t have a backup of your data you need to make the decision as to how important your data is to you. The decision on paying the ransom is down to you. We wouldn’t recommend it based on the reasons we have expressed above, but it’s your data and the decision is down to you.
Your decision process needs to happen fast. Most ransomware has a timer on it, usually around 72 hours, and you will be notified of this when you receive your ransom note. If you don’t act within this time period, your data will be gone.
We would recommend you seek help straight away. If your computer is a business machine, alert your IT team as soon as possible. They may have experience in doing this and choose to deal with the issue themselves. If not, they can reach out to an information security business like ourselves to provide expert help and advice.
So how do we avoid ransomware in the first place? Well, as we discussed above, it can come in all sorts of guises and catch us unaware.
We would recommend using a web browser plugin that looks for websites that have been compromised before allowing you to browse to them. This can slow things down slightly, but it is better to be safe than sorry. If the plugin detects a website that has been compromised, it will stop you visiting it and explain why.
You need to be mindful of phishing emails containing links and attachments that could lead to your computer getting ransomware. Our phishing awareness blog post found here provides more information on this and we also offer bespoke awareness training packages for your business to help with this further.
Make sure you have a physical backup that isn’t left plugged into your computer: an external hard drive with some basic free backup software, or manual copies of your important data, images, etc.
A lot of the protection from ransomware comes from user education. Certain antivirus manufacturers are now offering anti-ransomware software. This isn’t cheap and, like antivirus software, isn’t the solution. It provides an excellent line of defence but can be exploited, so the best solution is a solid, up-to-date education in how to stay safe.
In conclusion, ransomware isn’t going anywhere. It is getting more original in nature, becoming a more complex attack vector and becoming more prevalent. You need to be aware of it, its dangers, how to avoid it and what to do should the worst happen.
If you follow the guidance above and in our phishing awareness blog post, which can be found here, you will go a long way to protecting yourself.
If you require any advice, or would like bespoke awareness training for your business, please get in touch to find out more.