Ransomware is a type of malicious software, also known as malware, that takes over a user’s computer and threatens to continue restricting access unless a ransom is paid. In some cases, the cyber criminal may even threaten to publish sensitive data if the ransom isn’t paid.
Theoretically, once the payment is provided, users will receive a decryption key and be able to access their computer or system. The ransom can range from a few hundred to thousands of pounds and typically must be paid in a cryptocurrency such as Bitcoin.
Ransomware attacks have recently become a common occurrence. The number of ransomware attacks on businesses tripled in 2016, jumping from one attack every two minutes at the start of the year to one every 40 seconds towards the end of it.
One in five companies that made ransom payments never actually got their data back. Recent technological developments and the emergence of ransomware-as-a-service models have made it even easier for cyber criminals to create ransomware, so this is a problem that is only expected to increase.
How does a ransomware virus work?
Ransomware can infect your computer through several methods. One of the most common ways is a phishing scam. In a phishing scam, employees receive a seemingly trustworthy email with an attachment. If this attachment is downloaded and opened, it can infect your computer and hold it, and sometimes the entire network, hostage.
Often social engineering tools are used to trick users into allowing the ransomware administrative access. Sometimes more aggressive types of ransomware, such as NotPetya, look for and then exploit security holes, bypassing the need to trick users.
Once malware has access to a computer, it typically encrypts some or all of your files, so they can’t be accessed without a decryption code which is known only to the cyber criminal. You’ll then receive a message, sometimes with a countdown, informing you that your files are now inaccessible, and you must make a cryptocurrency payment to get your data back.
Leakware or doxware, one form of ransomware, will threaten to publish sensitive data, such as a customer’s credit card information, if the ransom is not paid. As the cyber criminal must first find sensitive data on your hard drive, this type of ransomware is more complicated to operate. As such, it’s far less common than ransomware that encrypts files or restricts access to devices.
What companies are vulnerable to ransomware attacks?
While every business is vulnerable to ransomware attacks, some industries are more susceptible than others. Cyber criminals determine who to target based on the type of software the company uses, how much its data is worth (i.e. whether it would be more likely to pay the ransom) and the impact of a ransomware attack.
As such, academic organisations, government institutions, energy and utility companies, and healthcare facilities are the biggest targets for ransomware attacks.
Education ransomware attacks
Education organisations have the highest rate of ransomware attacks. One report conducted by BitSight found that education organisations are three times more likely to be the victim of a ransomware attack than healthcare organisations and 10 times more likely than finance institutions. In fact, more than half (63%) of British universities have experienced a ransomware attack.
Cyber criminals targeted prestigious university UCL’s servers with a ransomware virus in 2017. According to The Guardian, they gained access to the system via a phishing email and were then able to bring down the university’s shared drives and student management systems, creating a massive problem for the university and its students.
How to protect against ransomware attacks
Regardless of your industry, you should have a proper cybersecurity plan and remediation strategy to protect against and handle ransomware attacks.
As most ransomware attacks infect and encrypt files, backing up data may seem like a good starting point to minimise the impact of an attack. However, be aware that more advanced types of ransomware can also encrypt backup files, so you won’t be able to restore these versions on to your computers.
This isn’t yet a popular type of ransomware but should be considered when planning your ransomware protection strategy.
You should also keep your company’s operating system up to date and install antivirus and whitelisting software on all computers. Antivirus software will detect malware and ransomware threats as they arrive, while whitelisting software will prevent unauthorised software from opening. These software and computer updates will help protect your company from a wide range of cyber threats.
However, as IT security expert Rob May explains, antivirus software can only go so far in protecting against cyber-attacks. In fact, its effectiveness relies on employees being properly trained and educated:
“If a criminal walks up to the front door and a member of your team opens it for them, the investment in security is worthless – therefore, we must invest in training and education too.”
The best IT security plan should include both a corporate culture of cybersecurity awareness and rigorous software programs. Employees should be trained and educated in cybersecurity so they can act as a human firewall and quickly identify incoming cyber threats.
What to do if you’re the victim of a ransomware attack?
The first question on many business owners’ minds when faced with a ransomware attack is whether they should pay. After all, if you pay the ransom you might get your data back, so you can continue with business as normal and not have to deal with the headache.
While this may sound like a tempting quick fix, in some cases businesses have paid the ransom only to not get their data back. Most of the time, there are other options for handling ransomware attacks and typically paying the ransom is not recommended.
So, how do you regain control of your computer? The first step is to determine the type of ransomware: encrypting, screen locking or something that’s only pretending to be ransomware. You can easily do this by seeing if you can access files.
If you can’t, then it’s likely to be encryption ransomware, while if you see a note restricting complete access to your computer, it’s more likely to be screen locking ransomware.
Encryption ransomware will be much harder to deal with and as such can have more severe impacts. We recommend contacting a professional virus remover or working with your internal IT team to address the situation.
Once a plan has been implemented and the breach has been resolved, we recommend assessing your IT security plan to protect against future ransomware attacks.