Historically, there have been times when hackers used Malware simply because they could. That is no longer the usual reason.
Malware tools can be used individually or together to break into different parts of an individual’s or organisation’s systems in order to hijack that system and hold it to ransom – hence “Ransomware”.
The end game is to charge the organisation (or individual) a fee to free up their system from the ransomware attack.
NB there is no guarantee a) that the payment of the fee will result in the ransomware being removed, nor b) that the attackers will not leave Malware behind, allowing them to repeat the process at a later date.
Clearly, if the individual/organisation can simply close down their systems and reboot using a previously saved version, then the ransomware attack would fail (inasmuch as no financial reward would be made). The cyber criminals have thought of this. The first stage of a ransomware attack is to break into the systems. Next, the Malware is focused on destroying or corrupting any back-ups that exist (to prevent re-boots using previously saved versions). The Malware is then directed to infect as many of the terminals as it can reach within the systems (so that it is not a matter of disconnecting a few of them and rebooting them alone). Finally, the demand is sent to the user: “pay up or else”.
NB sometimes a Ransomware demand can also be sent threatening the release of that person’s online searches, their viewing history, or a video, taken via their computer’s camera, of the user performing actions they don’t want made public. The chances are that many such demands are purely attempts to prey on the concerns of the individual and do not represent actual hacking at all. But you cannot be sure.
You should be aware that any funds paid – usually by Bitcoin or some other equally awkward method – will be laundered so that they cannot be tracked. Laundering services of this kind exist on the Dark Web (the area where the cyber- and other criminals interact). Thus, the chances of getting any such funds back are minimal.
So what to do?
- Prepare by ensuring your systems are safe and protected by good anti-virus software, ensure your back-ups are held separately from your programmes (and ideally offline), and ensure you know what to do if you receive such a ransomware request – but, better still, ensure you know what to do to prevent such a request in the first place.
- Keep only the most up-to-date software – i.e. up to date on all patches, updates and new versions of ALL software that you use. If there is software that you do not use, then either remove it (if possible) or update it anyway, as out-of-date software is a key way that hackers can break into your systems.
- Teach your people – from the Chairman of the Board to the office juniors – never to accept or open emails that may be attempts by cyber criminals to access your systems. The favourite approach to get “into” a system is to use a Phishing attack via email. Teach them to spot these, what to do when they have spotted one, what to do if they did open it anyway, and what to do if they receive a ransomware demand.
- Install management systems that address the basics behind maintaining your data security – these can be priced at less than £150 a month so are truly accessible. You can use them to demonstrate to others that you have data truly under control – as well as showing you take issues like GDPR seriously too. Contact us to find out more - call 0345 600 6975.