UK organisations are still not taking ransomware seriously enough and continue to fall prey to low-cost, low-risk cyber extortion.
Cyber criminals simply have to infect computer systems with malware designed to lock up critical data by encrypting it and demand ransom in return for the encryption keys.
The occurrence of ransomware attacks nearly doubled, up by 172%, in the first half of 2016 compared with the whole of 2015, according to a recent report by security firm Trend Micro.
Ransomware, the report said, is now a prevalent and pervasive threat, with variants designed to attack all levels of the network.
Ransomware is typically distributed through phishing emails designed to trick recipients into downloading the malware, or through app downloads and compromised websites.
The business model is proving extremely successful for cyber criminals, as many organisations are not prepared for it, and paying the ransom is often the best or only option open to them.
Two separate studies have revealed that universities and NHS trusts in England have been hit hard by ransomware in the past year.
A freedom of information request by security firm SentinelOne revealed that 23 of 58 UK universities polled were targeted by ransomware in the past year, but all claim not to have paid any ransom.
In a similar study by security firm NCC Group, 47% of NHS Trusts in England admitted they had been targeted, while one single trust said it had never been targeted, and the rest refused to comment on the grounds of patient confidentiality. Only one trust said it had contacted the police.
While ransomware writers were sometimes careless in the past so there was often a way to retrieve files, that is seldom the case now, making preparation even more important.
Security firm Sophos has developed a whitepaper advising businesses on how to stay protected against ransomware.
Here is a list of best practices that businesses and public sector organisations should apply immediately to prevent falling victim to ransomware:
- Back up regularly and keep a recent backup copy off-site
- Do not enable macros in document attachments received via email
- Be cautious about unsolicited attachments
- Do not give users more login power than they need
- Consider installing Microsoft Office viewers to see what documents look like without opening them in Word or Excel
- Patch early, patch often because ransomware often relies on security bugs in popular applications
- Keep informed about new security features added to your business applications
- Open .JS files with Notepad by default to protect against JavaScript-borne malware
- Show files with their extensions because malware authors increasingly try to disguise the actual file extension to trick you into opening them
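
The attachment-related items in the list above (macros, .JS files, disguised extensions) can also be checked at a mail gateway or during triage. The sketch below is an added example, not code from the article or the Sophos whitepaper; the extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import os

# Assumed extension sets for this example; tune them to your own mail policy.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def normalise(filename):
    # Windows ignores trailing dots and spaces in file names, so drop them
    # before looking at the extension.
    return filename.strip().rstrip(". ")


def explorer_display_name(filename, hide_known_extensions=True):
    """Simplified model of Explorer: with extensions hidden, the last
    extension of a registered file type is not shown to the user."""
    name = normalise(filename)
    return os.path.splitext(name)[0] if hide_known_extensions else name


def triage_attachment(filename):
    """Return a sorted list of reasons the attachment name needs scrutiny."""
    stem, ext = os.path.splitext(normalise(filename).lower())
    inner_ext = os.path.splitext(stem)[1]
    reasons = set()
    if ext in SCRIPT_EXTS:
        reasons.add("script-file")
    if ext in MACRO_EXTS:
        reasons.add("macro-enabled-document")
    # A familiar document extension sitting in front of a different real one
    # is what a user sees as the "type" when extensions are hidden.
    if inner_ext in DECOY_EXTS and ext not in DECOY_EXTS:
        reasons.add("double-extension")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real campaign.
    samples = ["Invoice_2016.PDF.js", "report.docm", "minutes.docx", "scan.pdf.docm"]
    for name in samples:
        print(f"{name!r}: shown as {explorer_display_name(name)!r}, "
              f"flags={triage_attachment(name)}")
```

Extension checks are only a first filter: legacy .doc and .xls files can also carry macros, so content inspection is still needed for those.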