What is ransomware?

If your business collects and stores data digitally, it’s crucial to understand the different types of malicious software so that you can ensure your systems are secure. With that in mind, here’s what you should know about ransomware.

What is ransomware?

Ransomware is just one of many types of malicious software (or malware for short). Broadly speaking, there are two main types of ransomware.

Locker ransomware

Locker ransomware is when devices are locked to stop you accessing them. The most common example is known as a lock-screen virus.

When you start up your device, a large warning message will appear that implies you’ve broken the law and that your computer is now locked until you pay up. In the vast majority of cases, criminals will try to scare you by making it seem like the message is from an official government agency.

Crypto ransomware

This is when individual files or data on devices is encrypted. An example of this type of ransomware is the WannaCry malware that crippled parts of the NHS back in 2017.

In both types of ransomware, criminals demand money (the ransom) to unlock devices or decrypt your files.

What does a ransomware hacker want?

Typically, money will be the main motive and you’ll be asked for money to gain access to your device or files.

In some cases, hackers are after sensitive corporate information which could be used to discredit firms and organisations.

How do ransomware attacks work?

Sadly, ransomware evolves, so methods vary and become more sophisticated over time.

Essentially, cyber criminals deploy ransomware by getting users to click or download a link that then locks or encrypts your computer or files. These links can be presented in a variety of ways, including:

• Phishing – this is when criminals ‘fish’ for details such as your username, passwords and date of birth. This information is then used to access, lock and encrypt your data.
• Exploit kits – these detect any vulnerabilities on your device and ‘infects’ your network through any breaches it finds.
• Malvertising – when ransomware links are hidden in online adverts.

If your computer or network has succumbed to ransomware, you’ll usually get a message asking you to pay a ransom in exchange for access.

In most cases, cyber criminals ask for the ransom to be paid in Bitcoin or another type of cryptocurrency so that the transfer cannot be easily traced.

What is the most common way to get infected?

Ransomware is frequently installed through phishing when unwitting victims click on links or open an infected attachment. It’s easy enough to do, especially if you regularly receive a lot of emails and open them on autopilot.

Another very easy way is for cybercriminals to simply link up to your network using the remote desktop protocol (RDP). As the name suggests, RDP lets someone else access your computer (you might already be aware of this if you have an IT department at work).

In most instances, RDP is a useful tool that lets an IT expert fix any minor issues you have with your PC. In a minority of cases, it can be used by someone with less than good intentions.

If the RDP is activated on your PC, it’s visible via the internet and hackers can easily force their way into your system. If you’re worried about RDP and leaving your PC open for an attack, you can find out how to disable it at Laptopmag.com.

Can you remove ransomware?

You can remove some ransomware with anti-malware programs which search for and remove any corrupted files. These types of programs work well if the ransomware is relatively basic – for example if it’s a lock-screen virus.

If the ransomware is sophisticated and your files have been encrypted, it can be very difficult or nearly impossible to recover the information. If this happens you may need to find an IT expert to see if anything can be done.

You can read more about how to defeat cybercriminals with anti-malware programs at PCWorld.com.

How long does it take to remove ransomware?

Data from the US suggests that the average amount of downtime when networks are infected is 16.2 days. In reality though it really depends on the severity of the ransomware attack and the number of computers or devices in your network.

What’s the average ransomware payout?

According to some statistics, businesses pay an average of £95,000 to regain access to networks and files.

Of course, it’s not just the cost of unlocking devices or decrypting files, the cost of disruption can be huge. One British pharmaceutical firm ended up losing £107 million through disruption, unfulfilled contracts, recovery and clean up. In fact, it’s estimated that ransomware costs the UK £346 million per year – resolving the NHS WannaCry breach cost £92 million alone.

Around 13% of firms and organisations in the UK end up paying the ransom. Officially, British law enforcement neither condones nor encourages ransom payments and it’s down to individuals and organisations to make their own decisions.

Naturally, paying the ransom doesn’t guarantee that criminals will release your PC or data and agreeing to pay them is an incentive for them to continue. For these reasons, it’s not always a good idea to pay the ransom and it can leave you worse off in the long run.

How serious is ransomware?

Ransomware statistics show that it’s a serious problem. A recent government survey revealed that 46% of all businesses in the UK had reported a cyber security breach in the 12 months leading up to 2019. More than a quarter of charities had also been hit.

Large and medium sized businesses are most likely to be affected with 75% and 68% of firms reporting cybercrimes, respectively. Worryingly, organisations reported that cyber breaches were happening at least once a week.

What to do with ransomware email?

If you’re in any doubt about the veracity of an email, don’t open it and never click on links or open attachments if you don’t trust the source.

If you have cyber insurance, you should let your provider know as soon as you receive a ransomware email. They’ll be able to take you through the next steps which will depend on the specific conditions set out in your policy.

If your network’s already been compromised you should disconnect infected computers from your network as soon as possible. You’ll need to reset all credentials on affected devices, remove all the data and then restore files from a recent backup. Needless to say, you should ensure backed up files are corruption free before reconnecting these devices to your network.

How to prevent ransomware

As in most situations, prevention is better than cure. Industry experts also strongly recommend that files are backed up on a regular (weekly) basis just to be on the safe side.

To reduce the risk of ransomware infecting your network, you should:

• Ensure all anti-virus software is up to date.
• Update all operating systems to the latest version.
• Always use unique passwords and change them on a regular basis.
• Never click on links or open attachments from sources you can’t confirm as genuine.
• Check that firewalls and safeguards are secure and can’t be easily breached.
• Train staff to recognise phishing emails and raise awareness of how criminals can dupe individuals into giving up sensitive information.

For more ideas and access to official guidance and training tools, visit the National Cyber Security Centre.

Does cyber insurance cover ransomware?

Policies can cover a number of events including extortion, fraud, data restoration, third-party liability as well as business interruption.

At Alan Boswell Group, our cyber insurance also covers reputational damage and breach expenses. This focuses on how the virus entered your network in order to minimise future attacks.

Ultimately, the type of policy that’s right for your business, will depend on its size, the safeguards you have in place and the type of data you store and manage. To find out more about how we can help, take a look at what our cyber insurance includes. For more bespoke advice or to tailor a policy, speak to an expert member of the team on 01603 218000.