Ransomware

Ransomware is a tactic used by criminals to cause disruption to an organisation. Typically this malware strain works through encryption, locking access to company systems, files and data until a ransom is paid. The cost of this can range from hundreds to thousands, with no guarantee that paying the ransom will get your systems, files and data back.

This type of attack has a relatively low cost to administer and a high profit return, and is one of the most commonly used cyber security attacks. As it is relatively easy to perform, it is used by multiple threat actors, from novices to highly structured criminal groups. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.

How does it work?

Ransomware is a specific strain of malware that can gain entry onto an organisation's network through multiple entry points. Due to the low cost, it is typically deployed via email campaigns containing a malicious link or attachment for users to click or download, giving cyber criminals an open gateway to your company's complete IT infrastructure and access to sensitive files and data.

Once this link or attachment is clicked or downloaded, cyber criminals can move around your network freely, viewing and gaining access to multiple files and pieces of data. The most sophisticated attackers can spend days, months and even years in your organisation, learning everything about you so that the ransomware can be timed to cause the most damage and disruption.

When the ransomware is deployed, attackers encrypt files, data and systems, and these cannot be decrypted without a pre-set key. To obtain this key, users are sent a message by the attackers asking them to make a payment in Bitcoin.

What are the consequences?

Data

One of the most common targets of cyber criminals and attackers is an organisation’s data. Whether it’s specific intellectual property or sensitive data regarding your employees or accounts, they utilise this within their attack and lock you out of essential information.

Cost

Ransomware encrypts and locks multiple systems, files and data, meaning organisations can’t operate fully until they resolve the issues, even if it takes months to remedy. Costs can increase due to replacing systems, investing in new security measures and, in some cases, potential legal penalties.

Time

Preparing yourself for a ransomware attack and implementing a good pro-active approach to your security strategy is relatively easy to do. Reacting to a ransomware attack can take a long time and become very complex for your organisation.

Reputation

The above issues typically occur immediately during a ransomware attack. However, the way you handle this type of cyber security threat can have a long-term negative effect on your organisation’s reputation. If you can’t maintain data privacy, how can your partners or customers trust your organisation to protect their sensitive information?

Regulation

After a ransomware attack you could end up with regulatory fines. The General Data Protection Regulation (GDPR) is based around data protection and privacy. If you have issues with data during a ransomware attack, then your organisation could face fines of €20 million or 4% of your annual global turnover – whichever is greater.


Under attack?

Firstly, do not pay the ransom.

Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom:

  • there is no guarantee that you will get access to your data or computer

  • your computer will still be infected

  • you will be funding criminal groups

  • you're more likely to be targeted in the future

Attackers will also threaten to publish data if payment is not made. To counter this, organisations should take measures to minimise the impact of data exfiltration. The NCSC's guidance on Protecting bulk personal data and the Logging and protective monitoring guidance can help with this.