Many of us are now aware of the risks of ransomware and how it can lock up the important data of a business or personal data of an unsuspecting individual.  News stories such as those regarding the NHS have brought the issue to the attention of even non techies and we often hear UK Government advertisements on the radio to make us aware of the threats.

The underlying premise of current ransomware threats is that of making money for the groups or individuals who are distributing the ransomware.  Once a computer owners data is encrypted, a ransom demand is made for payment of Bitcoin to unlock the data - this payment can be many hundreds or even thousands of pounds.  Having a solid and tested backup procedure in place can be the difference between quickly recovering from the ransomware infection or as a business, going under and having to cease trading.  On average, in our home county of Essex alone, 500 cyber crimes are reported each month.  5 of these are ransomware attacks of which 2 businesses never recover - through having no tested backup strategy in place.  This has prompted Essex Police to run free awareness courses aimed at business owners wishing to improve cyber security against such threats.

Many businesses are now opting to buy insurance against cyber threats including ransomware but it has been revealed that in many cases the insurance firms are simply paying the ransom to the criminals.  This in turn makes the situation worse as it does not discourage the criminals from entering into such practices as they now know that they will get paid by the insurance companies.  With this in mind, the criminals can increase their demands as they know the ransoms will be paid out out by the insurance company.

Follow The Money

It is often said that criminals are brought to justice by following the money.  If an investigation can trace where funds go, the criminals identities can often be revealed.

Now, with cases of Bitcoin users being traced by the authorities it will hopefully become less inviting for the criminals to continue risking capture.  But this leads us to the possible use of ransomware by activists such as eco cyber-warriors.  We envision that the next bout of ransomware will not be by criminals trying to make a quick buck and demanding money to unlock your data, but instead by activists such as Extinction Rebellion. We envision a scenario in which activists work with ransomware creators to create a strain of ransomware which locks up important data as normal, but instead of demanding a ransom in Bitcoin, demands are more aimed at reducing carbon emissions or the building of green energy plants.  For example, a demand such as "We will reveal the decryption key for your data once 5% of planned housing developments have been re-purposed as solar or wind farms throughout the South-East".

If such organisations weaponise ransomware in this way, it will likely be far harder (if at all possible) to trace the culprits as there will simply be no money to follow.  It could in fact be a very safe way for such organisations to further their cause as it would hide them behind the fairly anonymous computer screen and reduce the risk of being detained by the authorities at rallies and protests. Such a tactic may also further their cause by encouraging the general public to start lobbying their council or Government to get action taken in meeting the ransomware demands.  So many people now use social media to 'share' and 'like' the views of such organisations but very few actually stand shoulder to shoulder with them to demand Government action, preferring to applaud those making the stand, but unwilling to themselves.  Such ransomware may twist the arm of the general public to demand action as something of theirs will be on the line - their own data - be it business data or personal collections of documents and photographs.

So, now we have shared our view on where we think ransomware is going, what can you do to try to offset the disruption it can cause?

How can you protect yourself against ransomware?

Backups

The best course of action is to assume that at some point your computer will be infected by ransomware.  You therefore need to ensure that you take regular backups of your data.  We recommend you have one USB backup drive plugged into your computer at all times which takes an automated daily (or even hourly) backup.  Another second USB backup drive should be used to make another backup, but this should only be plugged into the computer when you are actively making the backup.  Alternatively, sign up to an automated cloud backup service which keeps multiple versions of your data.

Active Ransomware Protection Software

We install the free Acronis Ransomware Protection tool on many of our clients systems.  This tool creates a backup of up to 5GB of user data to the Acronis servers (more space can be purchased if required).  The software then monitors your computer for signs of a ransomware attack and if it believes an attack is underway, it will pause the suspicious process and ask you to confirm if the process is safe to continue or not.  This obviously put the onus back on yourself as you will need to make a decision as to whether the suspicious activity that the tool found related to something you were trying to accomplish, or whether it was a malicious software infection.  This is not always an easy task for a non-techy to determine, but at least it provides a buffer.  We generally advise our clients to call us should they encounter an alert from the Acronis Ransomware Protection tool.

Operating System and software updates

To help keep a computer system safe (including tablets and smartphones), Operating System and software updates should be installed regularly.

Antivirus software

We do not put much reliance on antivirus products, new strains of ransomware and viruses can get past even the most expensive software.  Despite this, we still advise having some form of antivirus software which should be kept up to date.

Be cautious

The best defence for your computer equipment is yourself - the user.  Vet everything that passes through your computer just as you would a visitor knocking at your front door.  No amount or expense of software products can stop you clicking on a malicious link in an email, or choosing to download what you thought was a fun computer game, only to find that it was in fact ransomware which will lock up all of your important data.  If you receive an email from someone you do not know and you were not expecting it, best to be safe than sorry, simply delete it.  Always buy your computer software from reputable stores or from the original manufacturer - if you need Microsoft Office for example, do not download it from pirate software sites as it will likely contain ransomware.  If you find a USB stick on your driveway, whatever you do, do not plug it into your computer, doing so could easily cost you a fortune.