The toll that a ransomware attack can have on its victims is terrible. While we often think of the payoff that criminals demand or the disruption to productivity, it’s the personal impact that can be worse. For systems administrators – especially at smaller companies – the stress of falling victim and dealing with the aftermath is incomparable. Sometimes, it can lead to people losing their jobs or companies closing down. In the very worst cases, it may even lead to suicide.
And, worryingly, ransomware is on the rise. While the underlying technology has been around for many years, its use has skyrocketed since 2015 – with the 2017 WannaCry outbreak grabbing headlines around the world. Today, there are hundreds of millions of individual ransomware attacks every year, a figure that ballooned during the pandemic and the rise of working from home. There are even outfits providing ‘ransomware-as-a-service’, allowing criminals with no technical skills to use this malicious software in return for a fee.
Given how pervasive this threat is today, it’s vital to get up to speed with what ransomware is, and how you should deal with it.
What is ransomware?
Ransomware is a kind of malware that enters a victim’s computer, encrypts files, then demands a ransom from the victim. The victim must pay a fee, usually in cryptocurrency (so the criminal can’t be traced) in return for the ‘keys’ to unlock their files. The malware can be loaded onto a target computer by any number of means, including phishing emails, downloads from unsecured websites or unpatched vulnerabilities in an app or operating system. For a more detailed overview of how ransomware works, visit the National Cyber Security Centre’s website.
Anyone can become a victim of ransomware – from major public sector organisations through to small businesses and private individuals. Ransomware gangs may target specific institutions, or they may do ‘drive by’ attacks, randomly attacking different people in the hope of striking gold.
Dos and don’ts if you become a ransomware victim
A ransomware attack can often take several weeks to progress, as the attacker covertly accesses your back-end systems. However, the first you may know of it is when you try to open an encrypted file and a dialogue box displays on your screen telling you that your device is infected and a ransom must be paid.
If you fall victim to ransomware, bear in mind the following dos and don’ts:
Do
- Isolate the infected device(s) as soon as possible. Disconnect them from the internet and your network
- Leave the machine turned on – shutting the system down is risky as the files may be unstable and you could accidentally wipe your data
- Go online and check if there’s a decryptor available – the excellent No More Ransom website provides keys to unlock some (but not all) of today’s ransomware keys
- Contact the authorities. Police cybercrime units might be able to help unlock your files, and even prosecute the criminals. You can report a cybercrime in the UK here
Don’t
- Pay the ransom. While many victims do ultimately choose to pay up, a study from 2021 found that only 8% of companies who pay get all their data back, and a third got less than half. Since you’re dealing with criminals, there’s really no guarantee they’ll hold up their side of the bargain. What’s more, if victims pay them, it only encourages this behaviour
- Wait – the slower you respond to a ransomware attack, the faster it may spread to other devices and systems
- Instantly wipe the infected computer or server. It may be possible to recover encrypted data, so hold onto the quarantined machine until you’ve dealt with the wider issue
Related: 2023 cybersecurity trends
Prevention is better than cure with ransomware
You may not have yet been a victim of ransomware, but there’s no room for complacency. According to one study, a new organisation is targeted by ransomware every 11 seconds. Of course, not all those attacks are successful, but it takes just one unsuspecting employee to click on a link, and your organisation could be affected.
There’s no way to become completely invulnerable to a ransomware attack. However, the following steps can help:
- Training and education
Most ransomware attacks begin with some form of phishing or social engineering campaign (e.g., emails purporting to be from senior staff containing links). Employees need to receive regular training on the kinds of techniques cyber criminals use, and what to watch out for.
- Update your technology
You can also reduce your risk of being infected with ransomware by keeping all your systems patched and up to date.
- Use proactive anti-virus technologies
Many anti-virus technologies today actively monitor your environment for activity that looks like ransomware. It can, for instance, spot files being encrypted and alert you to this before the problem gets any worse.
- Back data up
It’s good practice to regularly back up files to a completely separate location. This means that if you go get attacked, you’ll be able to quickly restore your systems to a recent date.
- User authentication and zero trust
Some kinds of ransomware are loaded onto your systems by criminals who’ve guessed one of your employee’s usernames and password. They can then stealthily inject the malware. However, this kind of risk can be tackled by using a ‘zero trust’ model for IT. Essentially, an employee must use multiple ways to authenticate who they are, and then re-authenticate when entering new environments within your IT estate.
On demand webinar: Identity is the new security
Get ready for ransomware
At FITTS, we know how damaging ransomware can be – not only in terms of money and lost productivity, but also on a personal level for the victims.
Our experienced security teams can help you assess your ransomware risk, review your current security posture, and put structures into place to reduce the danger. We’re also experienced with using anti-ransomware technology, which actively seeks problematic code out.
Reach out today to discuss your plans for responding to ransomware.
