Holding data hostage: The rising threat of ransomware

Ransomware has been one of the most rapidly growing threats to an individual’s and organisation’s computers, networks or data.

Operating in the IT sector is not without its challenges. As security and data protection have become more refined, the threats and exploits used to target businesses have also evolved; becoming more sophisticated and malicious.

A malware type called ransomware has been one of the most rapidly growing threats to an individual’s and organisation’s computers, networks or data. When ransomware infects a victim’s computer, the device is either locked or its data is encrypted, held hostage, until a ransom is paid to cybercriminals for a decryption key. Ransomware has been around for a long time, however, in the past couple of years it has become one of the most prominent and costly threats to businesses across the globe.

In August 2016, Malwarebytes surveyed 500 companies and found that 40 per cent of them have experienced a ransomware attack in the past year; with 54 per cent of UK businesses claiming to be victims. In addition, security solution provider Trend Micro, carried out a report into the rising threat of ransomware and found that attacks are up by 179 per cent in the first half of 2016 compared to the whole of 2015.

More and more ransomware attacks are being reported in the media and it isn’t just large private organisations that are being hit. In September 2016 it was reported that 28 NHS Trusts had admitted to an attempted attack being carried out against them. Additionally, universities and other academic institutions are proving to be popular targets with Bournemouth university being attacked 21 times in the past 12 months.

Despite the growing risk ransomware poses, security experts claim that UK business are still failing to take the threat seriously and therefore aren’t adequately protecting themselves from being a target. So what is holding these firms back from taking notice of a very real threat? Are they simply hoping that they don’t fall victim to such an attack or are they in the dark on how they can properly prepare?

To pay or not to pay the ransom?

Malwarebytes’ research into ransomware looked at the impact of the attacks and in particular the financial implications for those who are targeted. It revealed that the ransom demanded could be a significant financial blow for the company. One-fifth of British firms hit by ransomware reported the ransom to be more than $10,000. An additional 3 per cent were charged over $50,000.

Whilst the costs associated with ransomware can be hefty, firms are still paying the ransom in order to get their data back. Paying the ransom doesn’t necessarily guarantee that a victim receives any data back and will only encourage cybercriminals behind ransomware attacks to continue with their illegal activity, perpetuating the criminal market for this activity.

Trend Micro found that one in three targeted firms who paid the ransom still didn’t get their data back. However, for many organisations paying the ransom seems like the only way to gain access to their data.

Prevention and protection is key, backup Is a must

Ransomware spreads through a various number of ways, but four of the most common ways are: through spam emails and unsolicited email attachments, infected removable drives, compromised webpages, and bundled with other software downloads. In order to avoid coming into contact with ransomware one must be vigilant.

Practice email hygiene, don’t open suspicious looking emails or click on unknown attachments and links. Be careful when connecting unknown removable drives to your machine. Use caution when browsing the Internet, be sure your firewall is activated. Whenever you download any software applications, ensure that you use reputable download sources.

Backing up data is probably the most important step to safeguard against ransomware. Anti-ransomware specialists recommend backing up all data outside of your own Local Area Network (LAN) and making sure you have the ability to recover an entire system. It’s critical to ensure the backup is isolated from your network to keep it safe from infection. It is also important to check the integrity of your backups regularly to ensure you are prepared in case of a ransomware hit.

If you back up in this manner and you are the victim of an attack, you are able to format everything to rid yourself of the ransomware infection and then do a full system recovery. This way you will not have to engage with the ransomware at all and you can restore your computer back to the way it was before it was compromised.

In addition to backing up your company’s data, investing in reputable antivirus software and a robust, well configured firewall is key in preventing the threat of ransomware. Keeping your security software up to date will allow for early detection of an infection. Organisations seeking to ensure a ransomware infection has minimal impact should ensure that their backup regime provides the ability to access backed up data instantly in the event of a disaster.

If your current backup service provider can’t accommodate providing instant access to your data, perhaps it is time to change.

Paul Evans, Co-Founder and CEO of Redstor

Image source: Shutterstock/Carlos Amarillo