The latest cyber crime: Ransomware
As our lives increasingly shift online and we rely more and more on computers and cybercrime and hacking are on the increase. And recently there has been a big surge in reports of private individuals and businesses having their computers hijacked by a particularly malicious process dubbed ransomware. This is where users are locked out of their machines and all their data is irreversibly encrypted unless they pay a large fee to the hacker who then sends an unlock key to let them back in. Chris Smith spoke to Johnathan Bowers from UKFast who have been monitoring the situation...
Jonathan - Ransomware is, essentially, an attack that locks people out of their computers and can occasionally even lock people out of whole business networks. The most usual way for ransomware to take hold is by somebody actually clicking on a link and downloading a virus. A piece of information that takes hold of, through encryption, the computer and doesn't allow you to gain access to it. Unfortunately, as in lots of cases with internet security, it's human error that lets people into something like a ransomware attack. The victim actually clicking on a link and downloading something that they shouldn't to their computer.
Chris - But what will the form take of something turning up? Will it be an email that looks innocuous or will it be obviously something that they shouldn't be clicking on?
Jonathan - Quite often it will be an email and nowadays it's an email that will look fairly innocuous. The sophisticated methods are really improving. They're becoming much more targeted and, essentially, people are finding out more about your organisation even, occasionally, sending an email that is actually spoofing the email address of somebody else. Perhaps the finance director within your company asking you to download a piece of information.
Chris - What would be the average experience of the person that this happens to? Just take us through the journey that got to them having a locked computer - what does it look like, what happens to them?
Jonathan - So what will happen to somebody in this situation is that they will download something that they think is fairly innocuous but very quickly, once that file executes on your computer, you then can't actually log in and gain access. Shortly after that, you'll receive information telling you that you would have to pay the ransom. It will tell you that your information has been encrypted and, unfortunately, because of the sophistication of encryption techniques on computers nowadays it's nigh on impossible for someone to actually try and break that encryption and manage to rescue themselves from the situation.
Chris - And when you say ransom - what's the ransom that's usually asked?
Jonathan - The ransom will usually be in the form of something like bitcoin because it's easier and easier to mask where that currency is going or coming from. It makes it even harder to try and track down who's doing this kind of thing.
Chris - How much ransom are we talking about on average?
Jonathan - Well, the ransom itself is increasing. Around a year ago you might have been looking at a ransom of say £3,000 in order to get your whole business back up and running again. But these ransoms have actually increased in the last 12 months by about 135 percent and will carry on increasing as well as people start actually paying them.
Chris - Do we know who is doing this?
Jonathan - It's very difficult to say who's actually doing it. We know a lot of people are doing it and we know that the barriers to entry have come down dramatically. And we'll find that a lot of people that are doing it are probably doing it for somebody else and essentially it will be an area of cybercrime where script kiddies are playing a major part. They may even not know who they are doing it for necessarily, but they'll be getting a cut of the money that they make.
Chris - Do we know where these people are based?
Jonathan - We don't know where these people are based and the sophistication of cybercrime means that it's extremely hard to trace that kind of thing.
Chris - Based on your experience as a UK hosting company, what do you think the incidences of this are - are you seeing an increased trend?
Jonathan - In 2015 we had about 20 cases. In the last three months of 2016, we've had over 30 cases. I guess that would show how much this is increasing.
Chris - Can you unlock that data for those people or is it literally a case of they have to pay up?
Jonathan - In the vast majority of cases with us, luckily that client will have taken backup solution with us and, therefore, what we would be more likely to advise is that they roll back to the latest backup, and that will allow us to get the information back on a fresh machine and get them going again. It means they can actually refuse to pay the ransom and keep moving.
Chris - That would be your number one piece of advice would it to a) don't open dodgy attachments if you can avoid it, but b) definitely have a backup?
Jonathan - The backup plan is absolutely crucial for people - making sure they've got a backup. But I would add to the first one there to a) because sometimes it's getting so sophisticated that people need to be actually educated on the types of things, perhaps within a business, they should and shouldn't open. They should know whether the finance director will ever actually send you an email asking you to download something.This can be put into inductions within businesses to make sure people are much more savvy about what they should and shouldn't download and I think that would then help overall to protect businesses.