Ransomware poses a significant threat to both individuals and organisations. The frequency of ransomware attacks is on the rise annually, and the repercussions of these incidents have escalated in terms of the number of victims, ransom amounts, and overall damage.
What is Ransomware?
Ransomware is a form of malware that blocks access to your device and its data, typically by encrypting your files. In return for decryption, a criminal group will demand a ransom. The computer may be locked, and the data could be encrypted, stolen, or deleted. Additionally, attackers might threaten to expose any data they steal.
How does ransomware work?
Access: Attackers infiltrate your network, take control and deploy malicious encryption software. They might make duplicates of your data and threaten to leak it.
Activation: The malware becomes active, locking devices and encrypting data across the network, making it inaccessible.
Ransom Demand: Typically, a cyber criminal will notify you on-screen about the ransom and provide instructions on how to pay to unlock your computer or retrieve your data. Payment is often requested through an anonymous web page, usually in cryptocurrency like Bitcoin.
It's important to determine how the attackers breached your network initially to prevent future ransomware incidents.
I have been hit with a Ransomware attack, should I pay the ransom?
Law Enforcement does not support, approve, or accept ransom payments. If you do pay the ransom:
- There is no guarantee that you will get your data or device back.
- Your device will still be infected.
- You will be paying a criminal group.
- As you have paid once you will be more likely to be targeted again.
These points emphasis why it is so important to backup your data and maintain a recent offline backup. Doing this will allow you to recover quicker from a cyber attack.
How to prevent and protect against ransomware
If you have been a victim of a ransomware attack, the attackers will likely threaten to publish your data if you do not pay the ransom. To combat this, it is essential that you take measures to reduce the impact of data breaches.
There are a number of steps you can take to prevent and protect yourself from ransomware attacks:
- Anti-virus software: Anti-virus software is an important tool that detects and removes known malware. These products often include additional features to improve system security. Make sure it is turned on, monitor updates regularly, and schedule full scans to run automatically. It's recommended to perform a thorough scan at least once a month.
- Protect yourself from phishing attacks: Phishing or scam emails are becoming much more common. It is important that you know how to spot the signs of a phishing or scam email to ensure that you don’t become a victim of this type of cyber attack. For more information on phishing attacks, please read our Phishing Guidance.
- Update your software and devices: Make sure to keep your apps, web browsers and devices updated to reduce the possibility of vulnerabilities being exploited. It is advised to switch on auto updates to make sure that you don’t miss new updates.
- Backup your data: Make sure that you regularly backup your data and keep it separate from your device/network. For more information on ways you can back up your data, please read our page on backing up your data.
What do I do if I have been a victim of ransomware?
If you have been a victim of a ransomware attack you should report it to Action Fraud via their reporting tool on their website or by calling 0300 123 2040. You should also report to the ICO that you have been subject to a data breach within 72 hours of the breach via their website or calling the helpline 0303 123 1113 (The helpline operates between 9am and 5pm Mon – Fri).
Respond and recover from a ransomware attack
How your organisation responds to and recovers from a ransomware attack will significantly impact of the aftermath of the attack.
Your organisation should have a Cyber Incident Response Plan in place to help deal with and recover from a cyber attack. If you do not have one in place, please check out our guidance on how you can create your Cyber Incident Response Plan and how to improve your incident management.
If your account has been hacked you can learn how you can recover them by reading our guidance on recovering hacked accounts.