Europol’s Cyber Crime Centre (EC3) released a report on the rising threat of Ransomware to individual computer users and to businesses. This report follows on from a number of media stories on how this scourge is spreading. The EC3 report, which was developed jointly with the Dutch National High Tech Crime Unit (NHTCU), aims to raise awareness about the threat.
I previously blogged about police ransomware back in 2012 when a number of people fell victim to Garda themed ransomware attacks. Hopefully this report from EC3 will help raise awareness of the threat further.
However, I am worried that the message may not get those most at risk particularly if the majority of the publicity is in the tech press and media, leaving many people are unaware of the threat. What I find frustrating about the success in Ransomware is that the simple steps to prevent infection my most other malware will also prevent infection by Ransomware.
So keeping systems patched with the latest software, using up to date anti-virus software, educating users on the threat and having good backups that are verified to have worked will prevent many from becoming victims of Ransomware. If they should somehow still get infected then having good backups will be the way to recover from that infection.
However, we still see many businesses, and individuals, who still seem to think that computer viruses will not impact them and do not take the necessary measures to protect themselves. Previous malware would steal data, login credentials or recruit the victim’s PC into a botnet, but these issues were mostly hidden from the victim themselves or at least they would not see the impact for a while. Indeed, it is not unknown for people to continue to use infected computers oblivious to the fact that their computer(s) is infected. Ransomware has an immediate impact, both from a financial point of view and also from a data accessibility/recovery point of view. Once infected the victim has no choice but to deal with the issue.
The crypto used by the criminals in ransomware is pretty much unbreakable as it is similar to the encryption algorithms used by many companies to protect their data. So once infected there is little to no hope of recovering the data without the appropriate key to decrypt the data.
From my experience in dealing with Ransomware most individuals affected opted to pay the ransom because they have had no other option. A few did not pay and simply rebuilt their computers and suffered the loss of their data, but most of these people were individuals. For each business customer I come across impacted by Ransomware they have all opted to pay the ransom (usually between €3,000 to €5,000) as they could not afford to lose their data. Ironically, many comment they would rather spend that money on securing their data rather than paying criminals to retrieve.
It is also important to note that not all people who have paid the ransom have got their data back. In some cases they not only lose their data but also the ransom money too as the criminals have not given them the code to decrypt it.
For most it is a hard lesson in the how to secure their computer.
So best advice for people and businesses is;
- Keep your software patched and up to date.
- Employ reputable anti-virus software and keep it up to date.
- Backup your data regularly and most importantly verify that the backups have worked and you can retrieve your data.
- Make staff and those who use your computers aware of the risks and how to work securely online.
Oh, and if you think that because you are using an Apple computer or that you are using a mobile device you are safe, think again. The report from EC3 highlights that the criminals are targeting these platforms too.