2017 is likely to be remembered as the year of Ransomware. Ransomware isn’t a new problem. It’s been around for a long time, but this year there were some interesting developments which saw attackers use different ways to try to ensure that the attacks had a significant impact on victims.
Ransomware is a nasty type of malicious software that typically encrypts the files on a computer or network. The attackers then demand a payment in order for them to “decrypt” your files and let you get access to them again.
One of the first Ransomware attacks was thought to have taken place back in 1989 when someone targeted the healthcare sector and distributed floppy disks (remember those?) that infected users’ computers and demanded around $600 to get the files back. The average demand for a ransom (according to Symantec) is now around $1000 and the healthcare sector is still a common target for Ransomware distributors.
The method of infecting computers may have changed since 1989, with most attackers looking to infect users by sending malicious emails, but the effect is still massive.
Just look at the impact that WannaCry had on the NHS back in May of this year and also the Petya/NotPetya attack which is thought to have cost Maersk $300 million in late June. Both of these attacks spread quickly across networks using vulnerabilities that would have been closed had organisations been keeping their systems up to date.
Ransomware of course doesn’t just appear on desktop computers; it can also be installed on mobile phones. LeakerLocker was a variant of Ransomware that was found hidden in two Android mobile applications. This particular version didn’t actually encrypt the files on the device but locked the home screen and threatened to share the data on the phone with all the victim’s contacts.
The best way to protect yourself from Ransomware is to ensure that you are regularly backing up all of your data. This way, if you are infected, you can reinstall the operating system and restore from your latest backup. It is not recommended that you pay the ransom (although according to Norton 34% of victims do pay up). If you do pay, there is no guarantee that you will actually get the decryption key to retrieve your files.
As mentioned above, typically this type of virus is installed when a user accidentally clicks on a link or downloads a file from a spam email. It is important that your staff are well trained in spotting malicious or spam emails and know how to deal with them.
It is important that you have a plan in place to respond to such an incident. Would you or your IT department know what to do if your organisation was hit with Ransomware? What would be your first actions?
SBRC’s cyber division, Curious Frank, can facilitate a scenario-based exercise that simulates a Ransomware attack and talks through the possible actions and best course of action. To find out more email [email protected].
Written on 10 January 2018