• 01525 331060

Ransomware - Should you care?

6th June 2022
You’ve reached the turning point in the novel. 21,631 words in - it’s the perfect set up – will she or won’t she? And you’ve got another tab open – a spreadsheet containing all the jobs completed over the last month. This is also the laptop you access your client’s payment records – you’ve never worried about backup. You can see where this is going…and gone! You’re locked out! Now you risk losing everything, unless you pay £1500 within 24 hours.

Ransomware doesn’t only affect big business…

‘Those inflicting these [ransomware] attacks know that SMEs may believe themselves to be ‘under the radar’, and that they are more likely to have a lack of resources, a lack of effective protection and more incidences of human error – as cyber security training is unlikely to be priority. It’s for all of these reasons that SMEs are a perfect victim for attackers.’ Source: CBR (Computer Business Review)

But, you can prevent ransomware attacks.

In this very short article we’ll let you know a few simple but highly effective measures you can take to help prevent becoming a victim of ransomware. You’ll also find out:

  • What Ransomware is
  • How you get infected
  • What happens when you’re attacked
  • If paying the ransom ever works

What is Ransomware?

Simply put, ransomware is a form of malware that locks you out of your files or devices and demands a ransom to restore access.

How much are we talking?

Ransom amounts can be as low as £80, or be well into the thousands and even the millions. In fact, many cybercriminals now have software that works out the optimal ransom based on factors such as the size and location of your business.

Check out these two stunning examples.

  • According to Comodo, in January last year, California based defence contractor, CPI were forced offline and had to pay approximately $500,000 to restore access to their data – they still hadn’t resumed operations by March.

  • Portuguese energy company Energias de Portugal (ADP) faced an even more frightening prospect when cybercriminals demanded a ransom of €9.9 million.

How you get infected

Getting infected by ransomware is easy, especially if you don’t have decent antivirus software, or you have poor firewall configurations, with open ports (especially 3389, a port commonly used for remote desktop connections).

But, one of the most common ways to get infected with ransomware and other cyber nasties, is via an email scam called spoofing. Spoofing is where attackers use various tactics to get you to open an email that contains malicious software.

3 Common spoofing tactics

Below, we’ve listed 3 of the most common spoofing tactics cyber criminals use to infect your network or device with ransomware. Check them out, and if you run a business, make sure your team is aware the tactics, what to do if they encounter them.

1. Smishing

Similar to email spoofing, smishing is done via text message. These texts usually pretend to be from your bank or internet provider etc. and encourage you to give away information that can be used to access your device.

2. Caller ID spoofing

Where the spoofer creates a false phone number that looks like a legitimate number from a company or individual, and as with smishing, fools you into giving the cybercriminal access to your phone.

3. URL spoofing

This is where the spoofer sets up a fake website designed to look like the real thing and gets you to disclose passwords etc. or download malware disguised as legitimate downloads.

If you do receive a suspicious email, the best advice is:

  • Don’t open it.
  • Contact the sender independently.
  • Never reply or open any links or attachments.

What happens when you’re attacked?

Whichever method cybercriminals have used to gain access, your computer or device will be locked, and you’ll get a message saying that your files are encrypted and inaccessible. This means your files have been converted into code only the attacker can decrypt.

The message will then go on to tell you that the only way to regain access (get the decryption key) is by paying a ransom using a Bitcoin payment or bank transfer.

Should you pay up?

NO…but…

Cyber criminals need to be stopped, and, if they keep getting paid, they’ll keep attacking.

So, if you want to act for the greater good, it’s probably best to take this advice – it’s even backed up by the FBI.

Does paying the ransom ever work?

Research does suggest some attackers return the data after receiving payment. And because the price of ransomware removal can be more expensive than the ransom, several larger businesses actually factor payments for ransomware attacks into their IT budgets.

But..

Trusting these criminals to hand back your data after receiving the ransom, is beyond crazy.

It will be devastating to lose those precious photos and important files, but losing a wad of cash into the bargain will just double down on the hurt.

How do you protect yourself?

Most cybersecurity experts agree - when it comes to ransomware, prevention is the best way to avoid an attack. Below are a list of prevention and protection measures everyone should take to avoid all types of malware, including ransomware and other nasties, such as, spyware, info-stealers and trojan bots.

Backup. Backup. Backup

This is the number 1 rule when it comes protection against ransomware, but is often the advice most likely to be ignored. Backing up regularly means your data will be easily restored should you be unfortunate enough to be infected with ransomware.

A useful guide on the best way to backup is using the ‘Rule of Three’ - a method created by photographer, Peter Krogh and still recommended by most professional IT consultants:

The Rule of Three

  1. Keep a minimum of three copies of your data.
  2. Use two different methods to store the copies
  3. Store one or more of the copies offsite

For a more in-depth look at the ‘rule of three’ follow this link – it is perfectly safe, but if you’re unsure, you’re welcome to go through Google.

Get the best cybersecurity

Having advanced cybersecurity is one of the best ways to prevent a ransomware attack. A program with real-time prevention, such as Malwarebytes for Windows will protect you from all known major ransomware attacks.

Don’t open untrusted links

Never click on links you don’t trust including links in emails and on unfamiliar websites.

Don’t download from untrusted sites

If you’re unsure, look for https and the lock symbol in the search bar, before considering whether to download software or not.

Don’t over-share personal data

Only share your personal data on sites you know to be safe. If a company contacts you to request information, contact the company independently to verify the request.

Never plug in an unfamiliar USB

If you don’t know where the USB came from, don’t plug it into your device under any circumstances.

Be careful when using public WIFI

Don’t log into your bank account or similarly confidential accounts when using public WIFI connections unless you use a VPN (virtual private network).

To Conclude

If your IT network is attacked, there are effective remediation steps a good cyber security team can take. But, these actions can be costly and often time-consuming and add to expensive downtime.

So, to reiterate, when it comes to protection against ransomware, prevention (including using some of the tips mentioned in the blog post) is always the best line of defence.

Contact us

If you’d like to protect your business from ransomware or any other cyber threat, contact JamCrackers today. We have over 10 years’ experience in the implementation and management of world-class, bespoke cyber security solutions to businesses across all sectors.