Much like pop music and the final few seasons of Game of Thrones, Ransomware only seems to get worse with time. This malware - popular with cyber-extortionists and most commonly encountered by naïve internet surfers - is an incomparably nasty type of computer virus, with its extortion, threats and complete denial of service creating the perfect storm of technological terror.
For those unaware, Ransomware is a malicious piece of software that infects a user’s computer and denies access to all files and processes. In the meantime, the Malware issues an on-screen warning that the victim’s computer is locked and can be released by the ransomware’s distributor for a fee - though we don’t recommend trusting them on that promise.
Recent examples of Ransomware attacks on businesses have been especially fiendish – the Angler exploit supported a campaign of cybercrime thought to have extorted up to £4million, whilst the Norwegian smelter Norsk Hydro saw its systems compromised for days after contracting the “Lockergoga” Ransomware, relying on manual operations during the recovery period.
Sadly, it’s exactly this kind of impact that makes Ransomware so popular among cybercriminals, popularising an all-new approach to its distribution: Ransomware-as-a-Service, or RaaS. As a whole suite of Ransomware tools, RaaS gives even the most novice of cyber-criminals the means to unleash a targeted (or indeed, indiscriminate) attack on their victims.
RaaS offers a subscription-based service for any would-be cybercriminals, packaging Ransomware, full operating instructions and even campaign management utilities to aid them in their criminal campaigns. Though only available via the encrypted pages of the Dark Web, many of these packages are comparable – ironically enough – to reputable Anti-Virus software, with the pricing, subscription model and after-sales support following a similar structure. The impact on business security is two-fold: not only are more people than ever given the means to unleash attacks, but Ransomware creators now have a new and regular income alongside their campaign takings.
According to research from our partners at Datto, 84% of Managed Service Providers between 2016 and 2018 reported ransomware attacks against their customers - a figure higher in Europe than all other continents. With the rising popularity of RaaS, this disquieting figure is perhaps more likely than it seems.
What’s surprising is that protecting against this ever-growing threat is no more elaborate than the most regularly recommended protection. Phishing awareness training keeps employees protected against phishing emails, which are still the most common entry point for Ransomware users. Teams that can identify sketchy emails and enact best practice when responding to unknown sources can help keep the criminals at bay – before their multiple mucky feet get through the door.
You’ll need more than knowledge alone to stay fully protected, however. Any serious business will want a reliable Anti-Virus package. If any Ransomware does slip trough the cracks, your Anti-Virus software will detect it before it wreaks any serious carnage, but be sure to source renowned and reputable software; a staggering number of lesser-known apps might be cheap, but they’re utterly ineffective.
Backing up your Data and enacting a Disaster Recovery solution means your data is kept safe following any major attacks – and can be recalled in minutes to get your business operations back on track quickly.
Finally, using the newest version of Windows means your operating software is updated with regular virus protection – and makes you less likely to be targeted by opportunistic attackers.