What is ransomware? Everything you need to know

Ransomware - latest statistics

- Almost half (49 per cent) of UK businesses would pay ransom following a ransomware attack (Malwarebytes)

- Ransomware victims have paid more than $25 million in the past two years to get their data back (Google)

- The number of ransomware attacks increased by 752 per cent in 2016 (Trend Micro

Ransomware: What’s new

16/08 - FEATURE - Simo Kamppari/Promisec - Ransomware threat accelerates with spotlight on endpoint security - It is now imperative that organisations prepare their networks and devices for the next ransomware attack...

14/08 - FEATURE - Jason Allaway/Ivanti - A game of keyboards: How businesses can defend themselves in the age of nation-state ransomware - Here are the five basics that companies must get right if they are to avoid finding themselves in the middle of a cyber game of thrones...

03/08 - NEWS - UK SMBs are failing to address ransomware threats - Webroot report reveals significant false sense of security at many businesses despite public awareness of WannaCry and NotPetya...

28/07 - NEWS - UK businesses most likely to pay ransomware fees - The cost of paying Ransomware are less destructive than downtime that follows, report shows...

28/07 - FEATURE - Matt Lock/Varonis - NotPetya: Not your average ransomware - The latest ransomware attacks locked users out of their systems as opposed to just encrypting their files...

26/07 - NEWS - Ransomware victims handed over $25 million in payments in the last two years - However it's unclear how much of that money made it back to the criminals, Google report claims...

24/07 - FEATURE - Phil Bridge/Kroll Ontrack Data - Petya – ransomware failing to hold us to ransom? - Despite the uproar caused by the latest ransomware attacks, the cyber criminals behind them were unable to collect payments from victims....

19/07 - FEATURE - Bogdan Botezatu/Bitdefender - The Petya attack was anything but petty ransomware - Poor implementation of the payment processing algorithm, paired with an unfortunate choice of victim country makes us think that this attack spelled “cyber-war” more than it spelled “money”...

14/07 - FEATURE - Raef Mauweisse/Cyber Simplicity Ltd - When it comes to Ransomware preparedness, complacency is no longer an option - Cyber criminals have stepped up their game and your organisation should too... 

To view all of our ransomware coverage, click here.

 What is ransomware?

Ransomware is one of the most virulent forms of malware, and one which has unfortunately become increasingly popular in recent years. Once installed onto a victim's computer, typically via clicking on an attachment or link within an email, the malware quickly encrypts all the data on the device, rendering it inaccessible and effectively locking the victim out.

The user is then confronted with a pop-up window or message explaining the infection, and explaining that if they wish to release their files, they will need to issue a payment, which can either be in cash, or increasingly in cybercurrencies such as Bitcoin - which are harder to trace.

The warning windows or message are sometimes disguised as coming from law enforcement or government agencies, making the user that they are being suspected of illegal or criminal activity in order to pressure them into paying.

PC devices are not alone in being attacked, either, as criminals have also recently moved into smartphone ransomware, meaning that using your mobile devices could also be risky.

Several recent major ransomware attacks, including WannaCry and NotPetya, have made headlines around the world, as due to its flexibility, the malware is able to infect all kinds of devices, whether belonging to corporate or consumer customers.

Ransomware FAQ

  •  How much does it cost to get your files back from a ransomware attack? 

The customisation of ransomware attacks has meant that criminals are able to tailor their demands depending on their victims, and the scale of their attacks.

Recent research from security firm Malwarebytes found that over half of all British businesses had been targeted by a ransomware attack over the past twelve months.

Over a third of victims had lost money as a result of an attack, and a fifth of British companies who had been hit by ransomware reported were asked for more than $10,000 to unlock their files, and three per cent of the demands topped $50,000.

One of the highest payments ever seen came back in March 2017, when the Hollywood Presbyterian Medical Center in Los Angeles paid out $17,000 in bitcoin.

Malwarebytes’ report found that a fifth of British companies who had been hit by ransomware reported were asked for more than $10,000 to unlock their files, and three per cent of the demands topped $50,000.

However attacks targeting individual consumers typically ask for ransoms in the hundreds of pounds or dollars.

  • What steps should I take if my business is hit by a ransomware attack? 

As with many cyber-attacks, staying calm and not panicking is always a useful first step.

Paying the ransom is not usually advisable, not least for the fact that it will only continue to encourage future attacks. Even if you do pay and get your files back, hackers may still have access to your device, meaning you could be hit again in future, leaving you even further out of pocket.

Unless all of your devices come under attack at once though, it should be possible to search online using a mobile or tablet device to see what steps you are able to take if your PC is hit.

Many of the world’s top online security firms offer free ransomware decryption tools, with the likes of Kaspersky working with Coinvault and Bitcryptor to help out consumers in need.

  • How can I protect against ransomware attacks?

As with most of the guidance towards staying safe online, protecting yourself from ransomware is largely a matter of common sense.

Keeping all your online security products updated, and ensuring you make frequent back-ups of all your data are simple steps, but may help reduce the impact of an attack.

The amount of investment and research carried out by antivirus firms these days means that even the free services are able to keep on top of the latest threats - and point you in the right direction if anything more serious appears.

Cyber-attacks are often designed to target large numbers of victims at once, so it's likely you will not be the only one affected.  As mentioned, the leading antivirus researchers always keep an ear to the ground to track the latest attacks, and should be able to offer guidance on the immediate steps.