Ransomware presents a serious threat to business data, as it has the ability to lock access to files until the victim pays the attacker. It is a form of malware that works by encrypting user data until the correct decryption key has been entered. However, users can only gain access to that key by paying the ransom the attacker has set.

This specific type of malware has been around for a while, although criminals are now using it to scam individuals as well as businesses, which have traditionally been the prime target. In recent weeks, a new variant of Cryptolocker (a type of ransomware) has been affecting UK businesses, and it seems the only way to retrieve data other than restoring from backup is to pay the ransom.

How does it work?

Ransomware is often delivered via an email attachment, an infected computer programme or a compromised website. However, there have also been examples of more sophisticated infections. A whitepaper from Sophos called ‘Ransomware: Hijacking Your Data’ notes that, in some cases, people have been presented with a message that appears to be from the ‘Federal Bureau of Investigation’. Those victims are then asked to pay a fine because their computer has apparently been used for illegal activities.

Not every type of ransomware will directly ask its victims for money, though; the Sophos whitepaper explains that, in a similar vein to fake malware, the main purpose of ransomware is to scare its victims into making a purchase. Whereas fake malware will try to persuade users to buy a virus removal programme, ransomware sometimes counts on its victims searching for the problem online.

This is reflected by Google Trends statistics, which show that ‘ransomware’ is now more commonly searched for than ‘fake malware’. The attackers depend on this searching as it will often lead victims to buy software from a legitimate website – a technique known as blackhat SEO (search engine optimisation).

Prevention advice

  • Do not click on or open any suspicious attachments. If in doubt, ask your IT support team.
  • Antivirus software should be kept up to date, as should operating systems.
  • User-created files should be backed up routinely and preserved off the network.

What are your options if you become infected?

Where a computer becomes infected, it should be disconnected from the network, and professional assistance should be sought to clean the computer. M2 offer remedial software solutions that can clean infected machines, although we cannot guarantee that files will be decrypted, and these must be restored from backup.

M2 suggests that running a reliable backup is the best way to avoid falling victim to ransomware. After all, not only does it seem wrong giving in to the bad guys but, even if you do decide to pay the ransom, what guarantee is there that your files will be decrypted afterwards?