Should You Pay a Ransomware Request?
Ransomware is a form of malicious software known as malware that aims to extort money by encrypting (locking you out) computer files and demanding a ransom for the decryption password.
How can I protect myself from Ransomware?
Ransomware exploits known security vulnerabilities; ensure all your systems and applications are always updated - this reduces the risk of malware infection.
Ransomware normally arrives via phishing (scam emails and texts); ensure your staff knows how to spot a scam email or text.
Should You Pay a Ransomware Request? What does law enforcement advise?
Remember that GMP and all law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you ignore this guidance and pay the ransom:
There is no guarantee that you will then gain access to your data or device(s).
Your computer will still be infected.
You will be paying a criminal group.
You're more likely to be targeted again in the future.
Back in January, the Scottish Environment Protection Agency (SEPA) confirmed it was the victim of an ongoing ransomware attack. SEPA had about 1.2GB of data stolen from its digital systems on Christmas Eve, and Sepa decided not to play ball with the cyber criminals.
Ransomware is a scourge that is costing organisations billions of pounds, and every time a victim pays, it fuels further attacks. Sadly for Sepa, this is far from over.
How can I protect my business from losing access to my data by ransomware?
It's important you take steps to protect from the loss of access to their data by ransomware and the risk of data theft.
Make regular backups - Ensuring you have up-to-date backups is the most effective way of recovering from a ransomware attack. Make regular backups of your most important files and ensure you create offline backups that are kept separate. They should be kept in a different location (ideally offsite), from your network and systems, or in a cloud service designed for this purpose.
Prevent malware spreading - Make sure that your systems are reducing the likelihood of malicious content reaching your devices through a combination of; filtering only to allow file types you would expect to receive and blocking websites that are known to be malicious. Public sector organisations are encouraged to subscribe to the NCSC Protective DNS service. This will prevent users from reaching known malicious sites.
Prevent malware from running on devices - Take steps to prevent malware from running. The measures required will vary for each device you have and its operating system. You should look to use device-level security features. It's recommended that organisations should: centrally manage devices and only allow users to use trusted applications on work devices (only AppStore applications on Apple devices, for example). Install antivirus or anti-malware products and keep them up to date. Don't forget to provide security education and awareness training to your staff.
Prepare for an incident with a Cyber Incident Response Plan - Identify your critical assets and determine their impact if they were affected by a malware attack. Develop an internal and external communication strategy. Ensure that the right information reaches the right staff members or external partners quickly and efficiently. Ensure you know the legal obligations when reporting an incident to regulators, and understand how to approach this.
Sign up for our Free Membership; we're committed to raising cybersecurity and resilience across Greater Manchester. This includes supporting businesses, academia, the charity sector, and employees.
Sign up for the Cyber Essentials certification scheme, so your customers and partners can see that you have addressed any risks.
Cybersecurity incidents can be reported to Action Fraud.
Follow the NCSC guidance on protecting your organisation from phishing attacks.
The former cybersecurity chief has called for the law to change
Ciaran Martin, who ran the National Cyber Security Centre until last August, has called for a law change and warns that the situation is ‘close to getting out of control’ Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack.
He told The Guardian in January, "At the moment, companies have incentives to pay ransoms to ensure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry."