Taking on the cyber criminals

It is important to understand the true cost of ransomware


It’s become clear over the last few weeks that ransomware is changing. Unsurprisingly, it’s changing for the worse and it’s becoming more common.

Ransomware is malicious code that enters your computer and either encrypts all your files so that you can no longer access them or downloads some inappropriate content which you can’t remove. You are then asked to pay a ransom to decrypt your files so that you can access them again or to remove the inappropriate content.

Developing ransomware was originally labour-intensive but, over time, this cost has reduced and the number of ransomware threats we have seen has risen. The gangs behind it care little if they are attacking a consumer’s PC or a business. Indeed, many personal laptops are connected to work networks, as the lines between personal and work devices continue to blur.

Most recently, we assisted a joint investigation with the Finnish Police and CERT-FI after a spate of police-themed ransomware hit five million consumers worldwide. When you consider that the fee they were asking to decrypt the files was €100 (or US$300), the profit mounts up quickly.

Of course, some of those victims may have been sensible enough to back up their content on unconnected devices. Most probably didn’t, but having access to their files was critical. They could have gone to the police, but this ransomware was designed to isolate victims, giving them only one option, which is to pay up.

The image that appears on the user’s screen to inform them their content has been encrypted may spoof a police message, but it isn’t done convincingly. Victims often know this is a shake-down, but how many will go to the police when the cybercriminals have told them there is child porn on their computer? Likewise, it’s not a problem you would want to type into a web search engine. So people go ahead and do what they can, which is pay the ransom.

Of course, it’s not just consumers who are at risk now. Back in December of last year, in what is becoming an increasingly common media report, a medical clinic in Australia was hit with a A$4,000 demand after its patient records were encrypted.

So what do businesses need to do? Close all known security gaps by making sure that all software is updated automatically with the latest security patches and that you have the best security software. This will significantly reduce your attack surface in the face of an exploit kit. And if you are using Java in your organisation, it should be limited to a specific browser which is not used for usual web browsing.

Finally, I would urge your business’ IT security professional to contact a company which recovers hard drives and ask for a quote covering every machine in your organisation. When the budget-holder sees what the potential cost could be to recover from a ransomware attack – including the cost of downtime – it becomes a no-brainer to make sure everything is automatically covered.

Allen Scott is managing director of F-Secure UK & Ireland