Beware of Ransomware
Amethyst’s Victoria Prewer examines the continuing threat of cyber-blackmail
Ransomware is by no means a new threat, but with the news that Lincolnshire County Council was recently blackmailed, closing its entire computer system for days, it remains a serious and ongoing problem for us all.
Ransomware first emerged in 2005 in the United States but spread quickly around the world, along with other so-called malware. It works by either holding your entire computer hostage or by blocking access to all of your files by encrypting them. A person infected with ransomware is typically ordered (via a pop-up window) to pay anything from a few hundred to thousands of pounds in order to get the key to unlock their encrypted data.
You can be targeted by ransomware whether you are a consumer, a small business or a large company. Lincolnshire County Council, who were confident they had the appropriate security measures in place, described the ransomware as the biggest attack they had ever experienced. The council also claimed the attack was "zero-day malware", meaning it was previously unknown to security experts.
The attackers initially demanded £1m from the council in order to restore its data. Although they didn’t pay, the council were forced to switch off PCs and servers, and conduct a thorough sweep of the IT across the organisation in order to make sure that the malware couldn't spread. Staff had to resort to only using pen, paper and the telephone, while members of the public were urged via the local press to refrain from contacting the council over anything non-urgent. Computer systems were closed for four days.
The ransomware virus is dangerous because it is normally contained in an attachment to an email that masquerades as something innocent. Once opened, it immediately freezes the machine, making it impossible to access or retrieve anything stored, such as documents.
One new strain of ransomware that falls into this category is called CDT-Locker and unfortunately it is often very hard to detect. CDT-Locker can be hidden in files in such a way that even security software can’t tell it's there. To make matters worse, hackers are getting people to willingly download these dangerous files by making them appear legitimate.
For example, a hacker might pose as your utility company in an email stating that they need you to fill out an attached form or else your power will be cut off. Or perhaps they will use social engineering to pretend to be a person in your contact list. Hackers know that by using the name of someone you trust, you are more likely to click on a link in an email.
Cyber criminals are now even using social media sites and newsgroup postings to spread the malicious code.
So how do we protect ourselves and our businesses? It is always important to take care when opening emails and links – never open any attachment of which you are unsure. Make sure you have the latest anti-virus software and do regular back-ups, separate from your computer, so you can always retrieve your data if you are targeted. If you do fall victim to an attack, remember these three things:
1/ Turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network.
2/ Inform the police. Ransomware is a serious crime and should be reported.
3/ Don’t pay. Paying the attackers will encourage them to do it to others. There’s no guarantee that they will unlock your data if you do pay, and they could target you again.
For details on the attack on Lincolnshire County Council and for further information on ransomware visit:
For further information on how Amethyst can help you and your business contact firstname.lastname@example.org