Ransomware strikes again...
...but a global scheme is slowly fighting back
Last month, residents in Johannesburg, South Africa's largest city, were left without power after a major electricity supplier suffered a ransomware attack.
City Power told the BBC that more than a quarter of a million people might have been affected by the attack on 25 July, which encrypted the company’s databases, applications and network.
Ransomware remains one of the world’s biggest cyber security threats to businesses and works by blocking access to the target’s files by encrypting them. The hackers then threaten to delete these files unless a ransom is paid to ‘unlock’ them.
The majority of ransomware is sent through the email attachments; once it’s opened a virus downloads itself and starts corrupting the files on the computer.
A person infected with ransomware is typically ordered (via a pop-up window) to pay anything from a few hundred to thousands of pounds in order to get the key to unlock their encrypted data.
So far in 2019 there has been a surge in ransomware attacks particularly aimed at large companies.
Norsk Hydro, a Norwegian aluminium and renewable energy company, has already spent over £50m recovering from an attack in March that halted production lines and locked staff out of their computers. In the US, multiple local government authorities have been hit with ransomware attacks, some choosing to pay hundreds of thousands of dollars to hackers.
But a free scheme, No More Ransom, is fighting back. The BBC has reported that since it’s launch in 2016, the initiative has saved more than 200,000 victims at least $108m (£86m).
No More Ransom is an initiative created by European police agency Europol, aimed at slowing the increasing rise in ransomware. Its website, which connects victims and police, gives advice and help with data recovery, as well as advice on how to avoid falling victim.
It now has more than 150 global partners, and with 14 new tools introduced in 2019 alone, Europol says it can now decrypt 109 different types of infection. Among the ransomware campaigns tackled by the project is GandCrab - one of the most aggressive forms used last year. Since the release of the first GandCrab tool in February 2018, nearly 40,000 people have successfully decrypted their files, saving roughly $50m in ransom payments.
"When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds," Steven Wilson, head of Europol's European Cybercrime Centre (EC3) told the BBC.
"A wrong click and databases, pictures and a life of memories can disappear forever.
"No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice."
Ransomware – how to protect ourselves and our businesses:
- Always take care when opening emails and links – never open any attachment of which you are unsure
- Make sure you have the latest anti-virus software and do regular back-ups, separate from your computer, so you can always retrieve your data if you are targeted. If you do fall victim to an attack, remember these three things:
1/ Turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network.
2/ Inform the police. Ransomware is a serious crime and should be reported.
3/ Don’t pay. Paying the attackers will encourage them to do it to others. There’s no guarantee that they will unlock your data if you do pay, and they could target you again.
Amethyst can help your business with your cyber security requirements and have a team of highly qualified and experienced specialists; many have more than 20 years’ experience in the fields of Cyber Security, Information Assurance and Data Protection.
Amethyst operates in both the public and private sectors, delivering a dedicated, personal service of the highest standard.
We are an established cyber security training provider offering specialist courses on technical risk assessment as well as more basic introductory level courses for non-specialists.
We can develop bespoke cyber security training for specific professions or sectors and provide support to achieve ISO/IEC 27001 certification, including development of the business case and project plan, risk assessment, development of information security policies and procedures, management procedures and liaison with external auditors.
To find out how we can help your business, contact us today: firstname.lastname@example.org