Ransomware: what is it?

Ransomware is one of the online threats most likely to affect you, both as an individual and as a business. Despite increasing media coverage, ransomware campaigns remain highly lucrative for organised crime groups and increased user awareness is one of the simplest and most effective ways of mitigating the threat. With that in mind, our Easter message is a reminder of the basics of ransomware to ensure you and your businesses are protected over the holiday period.

What is ransomware?
Although there are many different types, ransomware is simply malicious software that, once installed on a computer, “locks out” users from accessing their data unless they pay a fee to unlock it.

How does it work?
Ransomware encrypts your data and asks for payment to provide the decryption key. The type of notification a victim receives can vary from a fake notification warning that your version of Windows is fraudulent, through to fake messages from law enforcement agencies saying that you have been visiting suspicious websites. The warning message (i.e. threat) will promise to return your device to its normal state provided a fee (i.e. ransom) is paid.

How do you pay?
In order to hide their own identity and money flows, the criminals request that ransoms are paid via virtual currency systems. Bitcoin is the preferred method of payment, but Ukash or anonymous prepaid card accounts are also frequently used. For victims who are unfamiliar with such payment systems, the ransomware demand also includes details of a helpline where criminals provide step-by-step advice to guide victims through the process.

What is the goal?
Like traditional methods of extortion, ransomware works by psychological pressure: forcing users to be active participants in the process makes it much easier for the criminals to get what they want. Time constraints, usually around 24-72 hours, are frequently used to apply more psychological pressure to victims.

How do you get infected?
Various methods are used to infect victim machines, but many attack vectors can be prevented through improved awareness and good cyber hygiene. The main methods of infection are:

  • Fraudulent Emails – victims receive an email containing a link directing them to a website where the ransomware is installed on to their machine.
  • Emails with Suspicious Attachments – carefully crafted emails are sent to victims which aim to coerce the user into opening a malicious attachment containing embedded malware.
  • Websites that have unknown invisible ‘iFrames’ inserted without the owner’s knowledge – these iFrames will (once clicked) download malware that locks your device.
  • Installing Malicious Mobile Applications – Ransomware can sometimes infect victims via malicious mobile applications downloaded from third party websites.
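
For website owners, the hidden-iFrame vector above can be checked from the defender's side by auditing your own pages for frames that are invisible or load from a host you did not knowingly embed. The following is an added example, not part of the original article; the allowlist, host names and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site owner knowingly embeds (assumed allowlist for this example).
TRUSTED_HOSTS = {"www.example.com", "player.example.net"}

# Inline-style patterns commonly used to make a frame invisible to visitors.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(width|height)\s*:\s*[01](px)?\s*(;|$)|(left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)

class IframeAudit(HTMLParser):
    """Collects iframes that are invisible and/or load from an unlisted host."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # Bare attributes such as `hidden` arrive with value None.
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if a.get("width", "").strip() in {"0", "1"} or a.get("height", "").strip() in {"0", "1"}:
            reasons.append("zero-size attribute")
        if "hidden" in a or HIDING_CSS.search(a.get("style", "")):
            reasons.append("hidden by attribute or inline style")
        host = urlparse(a.get("src", "")).hostname
        if host and host not in TRUSTED_HOSTS:
            reasons.append("untrusted host " + host)
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit_page(html):
    parser = IframeAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample: one expected embed, one hidden third-party frame.
SAMPLE = """
<iframe src="https://player.example.net/video/1" width="640" height="360"></iframe>
<iframe src="http://cdn.invalid.test/x" width="0" height="0" style="visibility: hidden"></iframe>
"""

if __name__ == "__main__":
    for src, reasons in audit_page(SAMPLE):
        print(src, "->", "; ".join(reasons))
```

This only inspects static markup; frames injected by script at load time need a check against the rendered page or a Content Security Policy that restricts frame sources.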

Should I be worried?
Data is clearly very important to businesses and restricted access to your data could quickly start impacting on business operations. Small businesses with limited resources could lose large amounts of money if their servers or business machines were infected. The amounts demanded by cyber criminals to unlock ransomware can be trivial to larger organisations, but for SMEs it can prove to be costly. Criminals recognise this and are specifically targeting SMEs in the knowledge that they are likely to pay ransoms to quickly resolve issues and enable them to continue their business.

What to do if you’re a victim
Firstly, don’t panic. Your data is not automatically lost forever and, thanks to the hard work of many security researchers, an increasing number of ransomware versions can be unlocked using publicly available decryption keys.

The official advice on whether to pay any ransom is: DO NOT PAY. There is no guarantee that paying the money will actually return your data, plus it could lead to further infections and, if you are willing to pay up once, you are likely to be targeted for future attacks as you are a ‘known payer’. There are a number of high profile cases where victims including healthcare centres (and even US police departments) have paid ransoms to retrieve data; however, these organisations chose this action as a last resort and would not have been forced to pay had they been suitably prepared for the threat.

What can I do to prevent it?
As mentioned above, end user awareness is key to countering the initial threat. Be wary of unsolicited emails. If you are unsure of the content, carefully check the sender email address and, if it looks suspicious, delete the email or check with your IT department first.

The success of this malware relies on the user or business having no other way to access their data. Therefore, you should make regular backups of any important data you have, whether that be on local storage devices or in cloud storage, so that essential data can be easily retrieved in the event of an attack.

If you have a business email, then employ a spam filter service which will block malicious emails. Anti-virus companies are also constantly updating their monitoring systems to block any known ransomware threats, so these should also be utilised for both business systems and personal devices to minimise the threat.

If it does happen to you, do not suffer in silence. As with any cybercrime, you should report it to Action Fraud to ensure the scale of the crime is effectively captured, and you can also contact Protection Group International (PGI) if you are struggling to find a solution.
