'There are minimal overheads and profits can be limitless'
Cybercriminals are increasingly targeting UK workers' files and data, and the Metropolitan Police have warned that “no one is safe”.
The FBI, Metropolitan Police, and security experts all agree that cyber ransoming has fast become one of the UK’s biggest economic crimes.
Unpredictable, unstoppable and potentially fatal to a business, the rapid emergence of ransomware has become a threat to people across the nation.
August Graham, the editor of the Sentinel, arrived at work one morning last summer to find a note pop up on one of the computer screens. It informed him that all the files on the firm’s server had been encrypted and were being held ransom.
He was told he had to pay £500 to get them back, or they'd be destroyed.
Last year, 54 per cent of businesses in the UK were hit by ransomware attacks, according to a survey by Osterman Research on behalf of Malwarebytes. In 20 per cent of the cases, it stopped business operations immediately.
The average ransom demanded is £520, but some can be enormous. Three per cent of UK companies that have been hit by ransomware reported a charge of over £50,000 to recover their data.
Gary Miles, the detective chief inspector of FALCON (Metropolitan Fraud and Linked Crime Online), described cyber ransoming as “the crime of choice” right now.
“For a criminal, the cyber ransoming business model is very attractive," he said. "There are minimal overheads and profits can be limitless.”
If you measure risk against reward, it's no wonder ransoming has doubled each year since its 2012 emergence. Robbing one computer at a time violently using a knife or gun doesn’t scale well.
However, one hacker can rob thousands with the click of a button.
What is ransomware?
In the first stage of a ransomware attack, a target will receive an email appearing to contain a legitimate attachment, such as an invoice or link to a website. Most people will have come across one of these infected messages.
In the past, they've tended to be written in broken English and easy to spot, but hackers have skilfully refined their techniques.
If the victim takes the bait and engages with the content, the second phase begins. The malicious code in the attachment will then be released onto the victim’s machine and spread fast.
It will encrypt all files and folders in local drives, attached drives, backup drives and other computers on the same server. In no time, all files will become corrupt and inaccessible.
The ransom note will then appear on the computer screen. Demands can range from a couple of hundred to several million, depending on how much the hacker thinks the organization will pay.
What to do if you're targeted
Ransomware attacks are not just proliferating, but becoming increasingly targeted too. Blocking one is extremely difficult. Defenders are like the batters in a cricket game, who need to deflect every ball thrown at the wicket. Hackers just need to knock the bails once to win.
A survey by Trend Micro found that 65 per cent of UK businesses hit by ransomware last year paid the ransom, despite all security agencies and police forces advising against complying with attackers’ demands.
Explaining why victims should not pay up, Pascal Geenens, Radware's security evangelist for the EMEA region, said, “Firstly, there is no guarantee that you will recover your data and secondly, even if you do recover your data, hackers may come back at a later date demanding an even larger ransom.”
Geenens says companies must place an emphasis on prevention by educating employees and putting protective technologies like firewalls, antivirus software and intrusion detection systems into place.
On top of that, companies are encouraged to establish a disaster recovery plan, so that if a breach happens, there is a plan to minimize the damage. A company must concentrate on strengthening those things in order to make itself less susceptible to ransomware. Once it happens, it’s too late.
Cybersecurity firms also encourage companies to back up their systems frequently.
“It should be done at least every hour,” said Mr Geenens. “That way, if an attack happens a company need only reboot their systems to the last point of backup.”