In today’s highly-connected world, it seems that three things are certain in life: death, taxes — and cybercriminals trying to steal your sensitive information.

Computer malware has been with us for decades. But over the course of time, the tactics employed by online scammers have evolved, smartened up and grown in sophistication.

One of the latest, most nefarious tricks being used to steal your personal information? Ransomware. As the name suggests, it involves your data or computer system being hijacked and locked with encryption, with a demand for payment in return for a release code.

In the UK, ransomware attacks have doubled since 2020. To safeguard your sensitive data, organisations and home IT users should certainly be aware of this specific type of malware.

Arm yourself with knowledge — allow our team of cybersecurity IT experts to break things down.

What is ransomware?

Ransomware is a type of malware — malicious software — that prevents you accessing your computer system and the files stored on it, usually by encrypting your data. You may be perpetually ‘locked out’ from your devices, or blocked from accessing certain files until you pay the ransom to a cybercriminal — a sum of money for a decryption key.

Extortion and blackmail innovatively reinvented for the digital era, in other words. 

Cybercriminals may also take copies of your data and threaten to publish or delete it if you do not do as they say. Organisations, businesses and bodies of all shapes, sizes and sectors can be affected, as can home IT users.

Ransomware is part of a field of malware called cryptovirology. It’s been around for quite a while, but adoption of ransomware tactics by cyber criminals has accelerated only in recent years, their number growing in sophistication and volume.

Usually spread by phishing attacks and malicious attachments, the 2017 ‘WannaCry’ malware attack is argued to be the most devastating to date. Exploiting a loophole in Windows, the ransomware infected computers across 150 countries, demanding a $300 USD (£250) ransom to decrypt each computer. Economic losses were estimated to be $4 billion (£3.2 billion), with serious impacts even on the NHS.

Whilst most ransomware attacks are nowhere near as high profile or widespread as WannaCry, they’re still growing rapidly in number. In 2022, ransomware attacks increased by 105% compared to 2021; there were estimated to be 623,300,000 across the world. 

Sophisticated, well-executed ransomware extortion attacks can generate vast amounts of digital currencies for cybercriminals. Official statistics estimate the average cyberattack cost to be £4,200 — or £19,400 for medium and large businesses, and that’s not counting the enormous potential reputational damage. Four in 10 UK businesses say they identified a cyber attack in 2022 — and that’s only counting those reported.

How does ransomware work?

A ransomware attack can usually be broken down into three phases:

1. Access — ransomware attacks, typically originate as a phishing attempt. Users receive an email and are tricked into downloading files that may appear legitimate, but act as a Trojan for the ransomware. Once downloaded, malicious encryption software is installed. Copies of your data may also be taken. WannaCry and TeslaCrypt are two high-profile examples. Some ransomware attacks can begin as a phoney update after software has been hacked. Examples of this kind of ‘access’ include the NotPetya attack.
2. Mobilisation — the cybercriminals activate the ransomware, encrypting the target data. You’ll be locked out from accessing your files.
3. Ransom — you may receive a notification or on-screen message asking for payment — a ransom — in return for the restoration of your data. There’ll be information on what may happen and how to pay the ransom. Payment can be on a dedicated webpage, often asked for in a cryptocurrency like Bitcoin, Litecoin or Ethereum.

If you do not pay the ransom, you may be perpetually blocked from your computer and its data, or the cybercriminals may choose to leak your data.

Ransomware protection, monitoring & mitigation: top tips on how to stay safe

83% of all cyber attacks on UK businesses start as a phishing attempt, so this is a great place to start if you’re wanting to avoid falling victim. But protecting against ransomware is also about being best placed to stem its spread and impact if the worst happens.

• Be alert to phishing scams — We’ve written a simple guide on how to spot these and the telltale signs that an email, text or phone call may be a cyber attack. Needless to say, do not install any files or follow any links you weren’t expecting to receive. If you’re a business or organisation, operate on the principle of ‘least privilege’ for staff and make them aware of what to look out for. You may want to explore good mail filtering and interception.
• Make daily, secure backups of your data — Again, this cybersecurity best practice for any home user, business or organisation. Being able to quickly restore your most important data makes its encryption (and the threat of its leak) much less of a crisis. 
• Bolster your cyber defences — If you’re a home user, ensure your system operating software, antimalware and firewall software is updated and that you’re following password management best practice. Businesses and organisations responsible for very sensitive data should explore a more sophisticated, proactive cybersecurity strategy. This is sometimes known as a ‘defence in depth’ strategy, consisting of layers and mitigations that provide chances to spot malware before it causes harm. It will also involve device-level security features to prevent malware running if it does get through. 
• Don’t wait to invest in your cybersecurity strategy — did you know that 86% of businesses who were ransomware victims afterwards reported an increase in security budgets to fight ransomware? Don’t wait until you fall victim; remediation costs are always higher.
• Prepare for a ransomware attack — be braced for the worst. How would you communicate with stakeholders? How do you plan to perform essential tasks and business services without access to your computer systems? How would you restore a minimum number of devices, or your entire IT environment? What roles and responsibilities would there be?
• Be informed — whilst an outsourced team can be your eyes and ears, staying abreast of the latest ransomware tricks can’t do any harm. Consider joining the Cyber Security Information Sharing Partnership (CISP), a joint industry and governmental service that allows for confidential sharing of particular threats.

Suffice it to say, being on your constant guard against ransomware and ensuring your home, SME or large organsation’s cyber defences are in their best shape can demand a lot of time and know-how. You might find it helpful to enlist a team of cybersecurity experts (like us, at We Are Your IT!) to help guide and manage your antimalware or complete cybersecurity strategy.

Be sure to also explore our Learning Hub cybersecurity category for other guides and best practice for protecting your data and staying safe from cyber attacks.

Ransomware mitigation and removal: what if I’ve already been attacked?

It can be difficult — almost impossible — for anyone other than the cyber criminal to decrypt your files, which is why preparing and guarding against ransomware attacks is so important. But if you suspect you’ve been a victim, you might want to try and limit further damage with these steps:

• Disconnect all infected devices, wipe them and install the operating system. Run an antivirus and anti-malware scan.
• Ensure your devices are free of malware and infection and restore your data from backup.
• Reset passwords and other credentials if possible, particularly for admin accounts (but don’t lock yourself out).
• Continue to perform frequent anti-malware scans.
• Report the attack to the National Fraud & Cyber Crime Reporting Office.

Should I pay a ransomware decryption fee?

Whilst you may be tempted, we’d never recommend it. Not only will you be paying a criminal, but it can make you more of a target for future attacks. Ransomware: The True Cost To Business in 2022 highlighted that 80% of companies who paid a ransom were targeted again. Then there’s the risk that the cybercriminal may not actually honour the commitment to return your data!