What To Do When Your Data Is Held Hostage

22/06/2017 14:23 BST | Updated 22/06/2017 14:23 BST

"Ooops...We have your files.

"Pay £1,000 in bitcoin to this wallet in the next 24 hours for their safe return."

Ransomware like WannaCry is on the rise. These attacks involve hackers holding your digital files hostage and demanding payment for you to get them back. It poses a dilemma that no one hopes to face. Should you pay up if you fall victim to a ransomware attack?

This malware-based extortion is now one of the most significant and dangerous cyber threats facing consumers. Whilst businesses suffer too, regular people made up 69% of all ransomware victims last year, according to the Symantec Internet Security Threat Report 2017. And we're not just fighting a single strain: the number of ransomware families more than tripled in 2016. Criminals are creating new forms of this malware to evade detection, cause disruption and increase profits. As we saw when the recent WannaCry ransomware hit organisations globally, these attacks can cause widespread chaos.

What is ransomware and how is it spread?

Ransomware involves a piece of malicious code that encrypts the files on a user's device, such as a computer or smartphone, without their knowledge. They usually only find out about the attack when an on-screen message asks them to pay a ransom to decrypt the files to make them accessible again. Refuse to pay or take too long to pay and your files will be deleted forever, the warnings usually say.

It's a profitable business for the criminals. Our data shows that the average ransom amount has shot upwards, jumping 266% from $294 in 2015 to $1,077 in 2016. Attackers clearly think that there's more to be squeezed from victims.

The most common way for devices to be infected with ransomware is via spam emails. A user might receive an email, often disguised as an invoice or receipt for a recent payment, luring the victim into opening the attached 'receipt' or clicking on a malicious link to make a 'payment'. This would cause the ransomware to download itself onto the victim's device and encrypt their files, at which point attackers demand payment, often in bitcoin, for the user to regain access to their files.

To pay or not to pay?

In this digital age, we place so much value in the digital information we store on our devices and in the cloud, whether it's precious photos and videos, important documents, or irreplaceable files. As such, the temptation is great to wave a white flag and pay the ransom if it means getting them back.

According to a recent global survey, more than one-third of victims choose to pay the ransom. And unfortunately, that's why an increasing number of attackers are jumping on the bandwagon; it's a lucrative game, and for a few minutes' work a criminal could earn several thousand dollars.

But paying the ransom doesn't guarantee that you will get your files back, unfortunately. Before you think about parting with cash, bear in mind that you're expecting a crook to hold up their end of the bargain. It's a huge risk. In fact, less than half (47%) of victims who pay up reported regaining access to their files. It's not a good idea to expect an amicable business transaction to take place with the instigators of a malware attack.

Prevention is the best cure. Here are my top tips on how to avoid falling victim to a ransomware attack:

  • Back up your data regularly. It's the number one way of combating ransomware infection. If you keep a copy of your important data on an external drive or a secure online file hosting service, you can restore it once the infection has been cleaned up

  • Keep your security software up to date to protect against the growing and evolving ransomware threat

  • Software updates are your friend. They will often include patches for newly discovered security vulnerabilities that ransomware attackers might exploit

  • As email is one of the main infection methods, take utmost care when opening emails. Look out for tell-tale warning signs, like spelling and grammar mistakes, and delete any suspicious-looking emails you receive, especially if they contain links and/or attachments. Manually type a company's web address in your browser as opposed to clicking on suspicious links you may receive via email

  • Be extremely wary of any email with a Microsoft Office attachment that advises you to enable macros to view its content. Only do this if you trust the source. If not, delete the email

  • Cloud services are also helpful. Many retain previous versions of files, allowing you to roll back to the unencrypted version you'll want to keep
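
The email warning signs in the tips above (payment-themed lures, attachments, Office files that rely on macros) can also be checked automatically before a message reaches the inbox. The Python code below is an added example, not part of the original article; the extension lists, keyword list, verdict names and sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension and keyword lists are assumptions for illustration; tune to your policy.
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}
LEGACY_EXTS = {".doc", ".xls", ".ppt"}  # older Office formats can embed macros too
PROGRAM_EXTS = {".exe", ".scr", ".js", ".vbs", ".wsf", ".hta"}
LURE_WORDS = ("invoice", "receipt", "payment")

def risky_attachments(msg):
    """Return (filename, reason) pairs for attachments worth a second look."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message bodies and containers have no filename
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in MACRO_EXTS:
            findings.append((name, "macro-enabled Office document"))
        elif last in LEGACY_EXTS:
            findings.append((name, "legacy Office format that can carry macros"))
        elif last in PROGRAM_EXTS:
            reason = "program or script"
            if len(suffixes) > 1:
                reason += " hidden behind a double extension"
            findings.append((name, reason))
    return findings

def triage(msg):
    """Return ('quarantine' | 'review' | 'deliver', findings) for one message."""
    findings = risky_attachments(msg)
    lure = any(w in str(msg.get("Subject", "")).lower() for w in LURE_WORDS)
    if not findings:
        return "deliver", findings
    return ("quarantine" if lure else "review"), findings

def build_sample(subject, filename=None):
    """Build a constructed sample message (not a real email)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    if filename:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg
```

A filename check like this only narrows down what needs a closer look; it does not inspect file contents, so it complements up-to-date security software rather than replacing it.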