Ransom ware has been around since 2005, so it is not a new threat. However, the recent blackmailing of the Lincolnshire County Council, forcing them to shut down their entire computer system for days, proves that ransomware is still an ongoing series issue for everyone.
Ransomware or malware emerged in the United States in 2005 but spread quickly throughout the world. Ransomware is a cyber attack software program that can hold a whole computer system hostage or it can encrypt files on the computer, blocking user access. The person or business whose system is infected with ransomware is usually directed, by a pop-up window, to pay for the “key” to unlock their encrypted data. They may be forced to pay to regain access to their computer system.
Ransomware Attacks and their Targets
Ransomware has been used to target consumers, small businesses, and large companies. The Lincolnshire County Council were confident their security measures would protect them from attack. The ransomware used against their system was “zero-day malware”, which means it was a type of ransomware unknown to computer security experts. This attack was the biggest attack the council ever experienced.
Initially, £1m was demanded by the attackers, in order to restore the systems data. The council did not pay the ransom. However, they were forced to switch off all of the servers and PCs in their system. Then, they had to conduct a sweep of the IT across their organisation to ensure the malware did not spread. The council staff had to use paper, pen and telephone to conduct business and the members of the public were urged via the local press to refrain from contacting the council for non-urgent matters, while their system was down. Their computer systems were closed for four days.
Difficult to Detect
Ransomware can be hidden in an email attachment and is often masqueraded as something innocent. When a person opens the attachment, the machine freezes and it becomes impossible to access information or retrieve stored data, such as documents and files.
There is a new strand of ransomware called CDT-Locker and it is extremely difficult to detect. It can be hidden in files in a way that make it hard for security software to tell if it’s there. Hackers make this files appear legitimate in order to get people to willingly download the file.
For example, a hacker may put the file in an email which appears to come from your utility company. The email may ask you to complete an attached form in order to avoid service interruption. The hacker may also pretend to be a person from your contact list. Hackers understand social engineering. They know you are more likely to click on a link from someone you trust, so they use that knowledge when sending out emails.
Cyber criminals may also spread their malicious code using newsgroup postings and social media sites.
So, how do you protect yourself and your business?
The most obvious answer is to be careful when opening links and emails. If you are not sure about an email attachment, don’t open it. Install the latest anti-virus software and make sure your system is backed up regularly on a separate computer. An up-to-date backup will allow you to retrieve your data if your system is compromised. If you fall victim to ransomware, here are a few things to remember:
1. Immediately turn off the computer. Then, disconnect the computer from your network. This is the most important step because the infected computer can spread the malware onto other computers in the network.
2. Contact the police. Ransomware is a serious crime.
3. Don’t pay the ransom. If you pay the attackers, they will be encouraged to attack others. Also, there is no guarantee that the criminals will unlock your system after you pay. They may decide to ask for more money.
For more details about the attack on the Lincolnshire County Council computer system or for more information about ransomware visit:
http://www.trendmicro.com/vinfo/us/security/definition/Ransomware
http://uk.businessinsider.com/how-to-protect-yourself-from-ctb-locker-ransomware-2015-6?r=US&IR=T
http://uk.businessinsider.com/heres-what-to-do-if-your-computer-gets-taken-over-by-ransomware-2015-6?r=US&IR=T
http://www.bbc.co.uk/news/uk-england-lincolnshire-35443434
http://www.computing.co.uk/ctg/news/2444577/it-restored-at-lincolnshire-county-council-after-ransomware-shutdown
For more information about how Amethyst can help protect you and your business, contact sales@amethystrisk.com.