Is ransomware here to stay?

Next story
Olivia Storey

With ransomware bringing organisations like the NHS to its knees, could this only be the beginning?

Ransomware has been big in the news in the past year, with large attacks like WannaCry and EternalBlue, which caused a global meltdown infecting more than 230,000 computers in over 150 countries.

Research by the BBC  suggests that ransomware has made cybercriminals at least £19million in the last two years, and that the fact it is so profitable suggests it is here to stay.

The researchers created virtual machines to generate ‘synthetic victims’, they then ran infected files through these machines while monitoring the network traffic. They used this to work out where the ransom money would be transferred, and they found there were two families of ransomware that made the most money; Locky and Cerber.

We discuss ransomware with Mark James, ESET IT Security Specialist, how this malware works, the best way to avoid being infected and what’s best to do if you do suffer a ransomware attack.

“Malware is bad, some infections are worse than others, but generally time, knowledge and an understanding of how the infection has taken root will enable you to remove most malware.

“However, Ransomware is a whole new level; it comes in two parts, the infection side of things will do all it possibly can to get on your machine, exploits, vulnerabilities, phishing, spam or email, and once infected, the Ransomware can then take hold.

“More often than not the encryption used is the same strength as would be recommended by professional companies to keep your data safe from prying eyes.

“Once your files are encrypted and your “scary screen of sorrow” is on display you only have a few choices.

Paying the ransom should not be a choice.

“All you are doing is helping them fund their next venture, or paying the criminals for their hard work.

“Decrypting the data could be an option; all you need is a public decryptor tool or a lot of GPUs (Graphics processing unit) and a time machine, or of course you could just restore from your backup…. You did backup, right?

“One of the attractions of ransomware is the ease of its availability these days.

“Programs can be rented or purchased from the darker areas of the internet for small amounts of money, and of course the ability to form an attack from anywhere in the world leaves the attacker feeling invulnerable or untouchable.

“If you then double that up with the perceived anonymity of digital currency transactions like bitcoin, it seems like an easy way to steal money from people you will never meet with little or no effort at all.

“Getting back to that backup thing I mentioned earlier, it really is the best way to protect against Ransomware.

“A good “point-in-time” regular backup stored off line or off premise will enable you to restore your files and data back to a safe time with little or no loss.

“Make sure you have a good regular updating internet security software package installed to stop the malware infection in the first place, and keep your operating system and applications up to date, this will limit the chance of exploits or vulnerabilities being used to infect you in the first place.

Have you ever been the victim of ransomware? How did you react? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.