
What is Ransomware?


Ransomware is a type of malicious computer software which encrypts the contents of your computer’s storage, then demands a ransom to be paid (typically by Bitcoin) to recover the files.


What is Bitcoin?


Bitcoin is an online, decentralised cryptocurrency centred around the principle of anonymity and the idea of peer-to-peer transactions without the requirement of an intermediary. This has led to a growth in criminals using Bitcoin as a means of transferring money in an untraceable fashion.


What does it look like?


A ransomware attack usually comes in the form of an e-mail attachment (typically in an office document or executable/script file) or web link. Once the malicious code is executed, the script encrypts every file it can see on the computer’s hard drive. These files can then no longer be viewed or edited unless they are decrypted with an encryption key that the attacker possesses.


There are typically very few ways to recover data lost to this attack. You could in theory pay the ransom. However, there is nothing to say that an attacker wouldn’t just take your money and run. Because attackers typically request payment via Bitcoin, it is impossible to track these transactions and you would not be covered by any protections offered by your banking provider. Furthermore, once the attackers know that you will pay to get your data back, they can just keep attacking you with increasing frequency because they know that you are likely to fall for it.


Anti-virus/Anti-malware software does have some success in detecting and protecting against these kinds of software. However, it is very difficult for this software to detect ransomware until the code itself attempts to run, by which point there will already be a lot of damage done.


Several websites have sprung up in recent times which claim to collect and release encryption keys of prolific strains of ransomware. However, this doesn’t protect against new (day one) attacks and the databases of encryption keys are by no means complete. Indeed, the No More Ransom project website goes as far as to say “At the moment, not every type of ransomware has a solution” and users are encouraged to check back regularly.


Thankfully, there are ways to avoid falling foul of this attack.


The most reliable way to protect against ransomware is to follow basic security principles. If you receive an attachment or a web link with no explanation, no knowledge of the sender, a suspicious sending address (e.g. claiming to be from Lloyds Bank but the e-mail address is bank@gmail.com) or a combination of these, do not attempt to follow the link or open the attachment. If an attachment is opened which then asks for permission to run macros or scripted content, you should never accept it unless you are 100% sure what exactly the file is trying to do.
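
The two warning signs described above (a sender name that does not match its address, and attachment types that can run code or macros) can also be checked automatically in a mail triage script. The following is an added example, not part of the original article; the `BRAND_DOMAINS` allow-list, the `RISKY_EXT` set, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: an allow-list your organisation maintains, mapping a brand as it
# appears in a display name to the domains that brand really sends from.
BRAND_DOMAINS = {"lloyds bank": {"lloydsbank.com", "lloydsbank.co.uk"}}
# Executable/script files, plus Office formats that can carry macros.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1",
             ".doc", ".docm", ".xls", ".xlsm"}


def triage(raw_message):
    """Return the reasons a message deserves a second look (empty list = none)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not genuine:
            reasons.append(f"sender claims '{brand}' but domain is '{domain}'")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Use the last extension so "invoice.pdf.exe" is judged as ".exe".
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext in RISKY_EXT:
            reasons.append(f"attachment '{name}' has risky type '{ext}'")
    return reasons


def build_sample(sender, attachment=None):
    """Construct a sample message (constructed test data, not a real e-mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Your statement"
    m.set_content("Please see attached.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    for sample in (build_sample("Lloyds Bank <bank@gmail.com>", "statement.docm"),
                   build_sample("Lloyds Bank <alerts@lloydsbank.com>")):
        print(triage(sample) or "no flags raised")
```

A matching domain is not proof that a message is genuine, because the From header itself can be forged; this check only catches the name/address mismatch and attachment types the paragraph describes.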


Additionally, always make regular backups of the files on your computer. This may be a task that is managed by your IT department, and many IT departments will have facilities in place to automatically back up files on your network to a remote location on a daily basis. If you have regular, good backups, you are less likely to lose a file and will never have to even consider paying the ransom.


A good principle is to always keep a backup on a physical medium (such as on an external hard drive) and in a remote location (such as in “the cloud” or a backup server). There are several services online which offer online storage very cheaply.


rradar’s response


Alan Hornby – CII accredited advanced trainer:

“If you are the victim of ransomware, with the loss of company and client data, it will take up staff time dealing with the matter and could disrupt your cashflow. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. Cyber security can no longer be viewed as an IT risk but has to be seen as a business risk. rradar are able to provide technical training to insurance brokers on cyber risks, liability and insurance so that they are equipped to discuss this important topic with their clients.”


And finally…


It’s easy to become complacent about cybersecurity and cyberattacks if it hasn’t happened to you. However, the odds that you will become a victim of such an attack are increasing year on year as the intensity of the attacks and the ingenuity of the attackers increase. Realistically, a relaxed attitude is a luxury that businesses can no longer afford.
