Ransomware has been one of the fastest-growing cyber crimes over the past few years, and it only looks set to get worse. Criminals now favour infecting computers with ransomware over traditional forms of money laundering such as stealing credit card details.
What is Ransomware?
Criminals will find a way to gain access to your computer or mobile device and lock you out, demanding a ransom in order for you to access your data and files again. Often the amount they ask for is set so that most victims feel they have to make the one-off payment – usually in Bitcoins – in order to gain access to their files again. The overwhelming majority (including the FBI) advise not to pay the ransom when this happens, because not only is there no guarantee that it won’t happen to you again, paying also validates the effectiveness of the scheme as a way to make money.
How Much Money Have They Made?
Criminals who make use of ransomware have made many millions of dollars in the last few years. The cases reported to the FBI in 2015 alone added up to $24 million in the pockets of the extortionists, and according to the Cyber Threat Alliance the CryptoWall ransomware that was discovered in January 2015 has caused an estimated $325 million in damages – this includes storing backup data and debugging machines.
Who Needs to be Worrying Most?
Ransomware will usually go after companies or organisations that rely heavily on accessing sensitive data daily, because they’re more likely to pay the ransom quickly: they can’t afford the downtime it would take to counter an attack. These include hospitals, airports and airlines, banks and police departments; however, individual users will also be targets.
What Can be Done to Prevent an Attack?
Back Up Data
Firstly, regularly backing up important data is the most effective defence against ransomware, making sure you’re not vulnerable to the attackers’ threats. An attack may still mean locked computers, but you won’t have to pay to see important files or data again. Try to ensure that these backups are done offline and not on a network share, as network shares are as much at risk from ransomware as the desktop. If you back up on to an external hard drive, it needs to be disconnected from the computer afterwards, otherwise it will be encrypted too. In February and March of this year two hospitals in the US (The Hollywood Presbyterian Medical Center in Los Angeles and The Methodist Hospital in Henderson, Kentucky) were targeted by ransomware attacks. The former paid the $17,000 Bitcoin ransom in order to gain access to its systems again; the latter chose not to, restoring its data from a backup.
Don’t Click Suspicious Links or Open Unknown Emails
Usually computers end up infected with ransomware because the user has clicked on a link or opened an attachment in a phishing email, opening up their computer to malware. This may seem obvious, and the majority of people are aware of it, so ransomware hackers have devised a clever way of tricking people into clicking on malware-infected URLs: malvertising. They compromise adverts on websites that you know and trust, tricking you into clicking a link that you are for the most part confident about.
Many companies are giving their employees online security training in a bid to lower the risk of infection due to click-happy members of staff. If employees can be trained to recognise phishing emails, it could drastically reduce the risk of an entire company falling victim to a ransomware attack.
Remove Any Vulnerabilities
Having a sophisticated security system is also one of the best ways to protect against an attack. Human error will happen, so individual users cannot be held entirely responsible for making sure an attack doesn’t happen. There are security systems that claim to be able to block the majority of potential attacks from malicious websites by detecting ransomware and malware; however, no security system is perfect. If third-party plug-ins – such as Java or Flash – aren’t up to date, attackers will use these to access your computer.
Cut it off at the Source
If one user or computer gets infected and you catch it in time, disconnect it from the system to stop other machines from being infected too. This means removing it from the WiFi, Bluetooth and the corporate network. Once this has been done, the type of ransomware can be identified and possibly bypassed, depending on how sophisticated it is.
These are the relatively simple things that you can do in an attempt to prevent a ransomware infection; however, they are not foolproof. If you cannot find a way around the ransomware and your data hasn’t been backed up then a payment is necessary, even though it is advised against.