Ransomware attacks are on the rise. Businesses are losing revenue and experiencing disruption because of attacks which target and hijack their critical data.
This factsheet explains what ransomware is, what effects it may have on your business and how you can prevent ransomware.
What is ransomware?
Ransomware is a type of malware that locks and encrypts your data and computer systems, and prevents you from accessing them. It requires you to pay a ransom in order to regain access to your files.
How does ransomware work?
Ransomware can enter your machine or network by different routes, including:
- bogus emails
- compromised web applications
- drive-by downloads - when software is unintentionally downloaded to your computer from the internet, often without your permission or knowledge
The malware is downloaded to your system after you click on a link or a compromised attachment. These usually appear quite legitimate, such as an invoice, electronic fax or, commonly, a shipping delivery notice.
Once downloaded, the malware runs its ransomware code and encrypts all the files on your computer, as well as any attached external or network drives. The attackers hold the decryption key to your data and demand a payment, often in a digital currency such as Bitcoin.
In return for the payment, they promise to decrypt your data. However, there are no guarantees that they will actually unlock and restore your files. On the contrary, they often provide files which contain further malware, simply prolonging or diversifying the attack.
Ransomware impact on business
For a business, ransomware can:
- cause difficult downtime as it shuts down equipment and infrastructure
- devastate productivity, leading to financial and reputational damage
- cause further financial losses, if the business decides to pay the ransom
- put sensitive data at serious risk
See more on the potential impact of cyber attack on your business.
Types and examples of ransomware
One of the better-known strains of ransomware is CryptoLocker, discovered in 2013. The headline attacks in 2017 included WannaCry in May, ExPetr in June and BadRabbit in October.
More recently, ransomware-as-a-service tools such as Shark have become prevalent. The code of such tools is distributed free of charge, but its creators get a percentage of every successful ransom collected.
The average ransom demand appears to be rising, with amounts requested ranging from a few hundred to a few thousand dollars. Research suggests that over half of UK businesses experiencing an attack eventually pay the ransom, in an attempt to resume operations and gain control of their data as quickly as possible.
How to prevent ransomware
Email, social posts and even texts are the most common ways ransomware criminals are infiltrating computer networks, so following basic online security practices should give you a certain level of protection. For example:
- keeping an offsite backup of your key business data so if your computer systems are encrypted or infected you have the key data needed to rebuild your systems and become operational again quickly
- using integral email security, such as spam filters that catch phishing emails and malicious attachments
- not clicking on suspicious links or attachments that do come through into the inbox
- looking after your passwords and changing them regularly to strong, unique combinations
- regularly checking and applying security updates for the software and operating systems on all your devices
Adding two-factor authentication to your core accounts, such as email or financial services, can boost your defences further. Two-factor authentication requires a second step, such as a text message to a phone or the swipe of a finger, to be used in addition to a password to log on to an account.
While there are no guarantees, keeping anti-malware software up to date and ensuring that your browsers, operating systems and web publishing platforms have all the necessary patches should also help protect your systems against ransomware.
If you find that your computer has been infected by ransomware, the first thing you may want to do is alert the Police Service of Northern Ireland (PSNI). They may not always be able to assist with the recovery of your files, but they can investigate the attack and attempt to identify and prosecute the offenders. You can report the incident via the PSNI portal.
Secondly, you will want to turn off your computer as soon as possible and disconnect it from the network. This is crucial to preventing the infection spreading to the other machines sharing the same network.
You can then try to identify and remove the ransomware from your computer. However, even if you are able to remove the software, recovering your data is rarely possible without the key to decrypt it, so you will most likely have to decide whether or not to pay the ransom. If you decide not to pay the ransom, restoring your backed-up data (provided that you have it) will allow you to make a fresh start.
Importance of backing up your data
Best practice in case of any type of cyber attack, and especially so with ransomware, is to ensure that you have a robust backup policy in place.
If managed securely, regular backups of your business' critical data will allow you to:
- roll back to a version of your data prior to ransomware encryption
- recover the majority of your data without the risk of further attacks
- resume business operations with minimal disruption and costs
Ransomware continues to evolve and cause significant disruption to businesses around the world. If you are affected, or unsure how to protect your systems, you can contact Invest Northern Ireland's ICT advisers on 0800 181 4422.