On Thursday 28th October we are carrying out essential upgrades. The website may be unavailable for a period of time starting from 6am BST. We apologise for any inconvenience this may cause you.

The digital ransom note - the scourge of Ransomware

The digital ransom note - the scourge of Ransomware

The risk of being held to ransom is no longer just a phenomenon of the physical world - the digital world is subject to the menace of Ransomware.

Ransomware is where an attacker renders your computer system and your data unavailable to you through encrypting your data and then demands a ransom to allow you to resume access. Ransomware is not particularly new, but the rise of Bitcoin and the widespread use of online payment mechanisms has made it increasingly attractive to criminals.

Mark LogsdonIncidents typically involve an attacker encrypting data or even the keyboard using their private key which is impossible to crack. The attacker then displays the ransom note on their screen. Attacks are not limited to computers; phones are now a regular target with the PIN being changed and locking out the user.

Unlike other forms of malware there isn’t really a ‘patch’ or signature that can be applied to either stop it or prevent it in the first place, but the attack still requires access to the victim’s computer. About 90% of attacks start with some form of phishing email or a social engineering attack, both of which require human intervention to execute.

Therefore, organizations can increase protection by keeping security patches up-to date and regularly backing up data to quickly return to a pre-attack state. Meanwhile, employees should be on the lookout for phishing emails and shouldn’t click on links or open up attachments in unexpected emails or those offering the ‘chance of the lifetime’. Never reveal sensitive or security information too readily - remember a reputable company will never ask you for such information over the phone or by email.

The most effective and cost-efficient control to manage this risk is awareness training. All staff need to understand the role they have in keeping their company’s most precious information secure. They need to be actively involved and engaged in learning awareness programmes that use the latest learning techniques to effectively change the cyber behaviours of all staff. The board needs to set the right ‘tone from the top’, being aware of their particular cyber risks and vulnerabilities, asking the right questions and helping drive and action the necessary programmes designed to support their chosen risk posture.

And if you are attacked, the first thing to do is to activate the incident response plan. This plan should consider what’s been lost or is not available, the impact it has, how it happened, is it still going on, how do we fix it and how we prevent it happening again. In addition, there are some crucial business decisions: who do we talk to first, i.e. customers, media, police, regulators, shareholders? What do we say and when do we say it? Who says it? There’s also the question of what to say to staff, who then may innocently use social media to tell the world about what’s being said internally.

With sensible housekeeping - patching, backing up data and better user behaviours - you can lower the risk of becoming a victim of ransomware.

See our RESILIA section for more information about cyber security and resilience.

More AXELOS Blog Posts by Mark Logsdon

Where did that cyber-attack come from? That’s not your problem!

EU regulations promise shake-up for organizations’ data protection

Getting a career in cyber security: there’s no better time than now

SMEs, cyber risk and resilience – to invest or not to invest?

Cyber risk and young employees

Is this a Phishing email?

Hands up who doesn't understand cyber risk?

Building cyber education for all

The War on Cyber: Protecting Ourselves Against Weaponization

Cyber resilience: protecting the network or the data?

The perils of cyber-attack – and the new solution

Have you heard the one about the three judges...? A Cyber story to be aware of

Preventing cyber attacks - it's a people thing as much as IT

Current rating: 0 (0 ratings)


There are no comments posted.
You must log in to post a comment. Log in

Cyber resilience report results

AXELOS report

Read the highlights of our report, Cyber resilience: Are your people your most effective defence?

Download the report

Cyber resilience infographic

Cyber resilience: Are your prople your most effective defence? - infographic

AXELOS infographic

Cyber resilience: Are your prople your most effective defence? - infographic

Download the infographic

Cyber resilience and your employees

Awareness Learning Guide

Download our updated guide to help your organization ask the right questions and start your journey to improved cyber awareness.

Download our guide