What is Ransomware?
Ransomware is a form of malware that restricts users from accessing
their own system and usually also encrypts important files. This forces
the victim to make a decision: either make a ransom payment (within the
stated timeframe) or risk permanently losing all of their files and/or
system access forever.
It should be noted though, that making a ransom payment may not
necessarily recover encrypted files. There have been documented cases
where decryption keys have not been provided, even when the ransom was
paid.
Over recent years, ransomware has been steadily gaining popularity with
cybercriminals.This increase has in part, been facilitated by the
emergence of cryptocurrencies, such as Bitcoin. The main impediment with
early forms of ransomware was the lack of an anonymous way to collect
payments, so some demanded prepaid gift cards, or SMS messages.
Nowadays, nearly all forms of ransomware request payment in Bitcoin,
since it’s the most popular cryptocurrency, easy to use, transactions
are irreversible and the currency is global. The drawback for
cybercriminals, though is that a record of every transaction is publicly
available. To get around this, they use money laundering services that
conceal their identity before cashing out. As a result, these attacks
end up being incredibly difficult to trace, even for law enforcement
agencies.
One of the most well-known ransomware attacks is the WannaCry attack
that occurred in May 2017. Over 230,000 computers worldwide were
infected, including major organisations such as the National Health
Service (NHS), FedEx and Renault. The computers targeted were running on
an old version of the Microsoft Windows that had not been updated with a
security patch released two months previously. Many users had not
installed the patch by the time of the attack.
What is the aim of Ransomware?
Most of the time, the main goal of ransomware is to raise money, not to
cause damage to the user’s system. Because of this, the requested ransom
amount is usually reasonably small, typically around £500 or less,
making it manageable for most targets of infection.
If the cybercriminals wanted to cause as much damage as possible, more
than likely, they would choose other forms of malware, unless they
wanted to disguise the attack, which seems to be the case with the Petya
ransomware attack in June 2017, that suspiciously focused on targeting
Ukrainian government institutions.
How do I prevent being infected?
Install all security updates
Users should make sure their operating systems and applications are kept
up-to date, in particular any anti-virus programs. As new viruses and
malware are being developed all the time, updates and patches are
constantly being released to plug exploits. Being even a day or two
behind on installing a new patch could make your system vulnerable. Keep
inventories of the software and systems you use, to ensure you are not
missing any.
Subscribe to update alerts
If you are concerned about missing out, most software companies will
send an email to alert you to new updates. Make sure to check if this is
the case, and that you are definitely a subscriber.
Be careful of what you open or click
Always avoid clicking on suspicious hyperlinks or email attachments.
These are common methods used by cybercriminals to spread malware.
Unsolicited emails from organisations you don’t deal with should always
be treated with suspicion. There are online tools available that can
actually check if links are safe, without you having to actually click
on them.
Backup your files
If you have up-to-date copies of the files that have been encrypted,
then there is no need to pay the ransom fee. Set some time aside to back
up files on a regular basis. Overnight is often a good choice, as
systems are not being used. There are many programs and plugins
available that can make automatic backups for you.
Education is the key
Make sure your employees and colleagues understand best practice when it
comes to cybersecurity, have a set routine everybody follows for backups
and updates. Even one weak link in an organisation can enable an attack
with serious consequences.
If you’re interested in a secure and powerful business process
management platform, book your free no-obligation SwiftCase demo today.