In the last 13 months the UK lost a reported £10.4 million to cybercrime, as per official police statistics. One of the most damaging forms of cybercrime is ransomware.
Not only that, but 81% of cyber security experts believe we are likely to see more ransomware than ever across the next few years, thanks to its increasing prevalence. It’s a terrifying prospect for businesses especially, who stand to lose everything, and so we’ve compiled everything you need to know in this article, including why you should never pay for ransomware.
What is Ransomware?
For the uninitiated, ransomware refers to malware that encrypts files on anything from your PC to your whole network, meaning you will not be able to access them without a password. When this happens, the only person who has access to that password is the person who has infected your tech.
This person will then contact you, often completely anonymously, to issue you with an ultimatum: pay up, or lose your files forever.
This can be a terrifying prospect, and can affect anything from one person’s personal laptop to an entire company server. Worse still, the results can be catastrophic if the affected user has not had the presence of mind to back up their files before the attack – which can often mean you are left with no alternative other than starting completely from scratch. It’s very possible that a company could be left in disarray by this.
Why you should never pay up for a ransomware attack
The sad fact is, no matter how tempting it may be to give up, fork over the cash, and leave this nightmare behind you – paying the ransom is never the answer.
Giving money to these cybercriminals only perpetuates the behaviour; after all, you have shown them that this is a profitable way to behave by giving them exactly what they want.
Not only does this mean you have emboldened them to target others in a similar fashion, but you also paint yourself as a soft target. Even if you go out and attempt to strengthen the security of your networks, these criminals now know that you are willing to pay up, so you will be twice as likely to be targeted, as they will be actively looking for vulnerabilities in your system again.
You also run the incredibly high risk of nothing happening after you relinquish the ransom. Remember: these people are criminals; who says they have to give you all your data back once you pay up? You are hardly going to take them to court under the Trade Descriptions Act.
There have been plenty of examples where ransomware cybercriminals haven’t played fair – a recent study showed that a staggering 92% of companies don’t get their data back after paying up.
Even UK home secretary Priti Patel takes a hard line in regard to ransomware pay-outs. Speaking at the National Cyber Security Centre’s conference, she said: “The Government has a strong position against paying ransoms to criminals, including when targeted by ransomware… paying a ransom in response to ransomware does not guarantee a successful outcome, will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach.”
So, what can I do to stop ransomware attacks?
Sadly, if you are reading this article following an attack, it is probably too late. There are some options you can take, such as looking online for encryption keys shared by people who have suffered similar attacks from sloppy hackers.
No More Ransom is a great organisation for this; it acts as a repository of keys and applications that can decrypt data locked by different types of ransomware. Though, as they will likely tell you, in most cases there is little you can do once you have been infected without a backup in place.
As always, prevention is the best medicine.
The easiest way for a business to be affected by ransomware is through phishing emails: cybercriminals send them to your staff in order to get them to click the malicious link hidden within the email and install the virus on their system, which can then take root across your entire network.
Human error is, by and large, the #1 reason why these attacks can be launched successfully. Oftentimes it becomes apparent that the person responsible had no idea that the method of online attack even existed, which is why educating the workforce on cybercrime and information security is your key solution to preventing this happening within your business.
Companies such as British Assessment Bureau offer a robust information security management certification to help ensure your entire workforce is up to date with their cybersecurity knowledge. Not only that, but you will learn how to continually refine your security processes in order to keep your data safe long into the future.
The importance of having everyone in the business become an active stakeholder in the company’s security cannot be overstated; after all, it very well could be a matter of people’s livelihoods at stake if you were to suffer a devastating ransomware attack.
Contributed by Mark Nutburn, group IT director, British Assessment Bureau