Bad Rabbit, Spider, GoldenEye: they sound like exciting action films. But they are dangerous software programmes designed to steal money from companies. The good news: According to British security company Sophos, fewer organisations worldwide were attacked with ransomware in January and February 2021 than in the previous year: 37% instead of 51%. The bad news: The financial damage from a ransomware attack doubled globally. On average, the damage from one attack is about 1.5 million euros.
What is ransomware?
Ransomware is software, or malware, that takes your computers and files hostage. Criminals block or encrypt your computers, files, sometimes even entire networks, and only release them if you pay a ransom. According to experts, double encryption is on the rise: the ransomware encrypts your data not once, but twice. You have to pay for both keys.
Ransomware uses different attack forms. Criminals try to get their malware into your system through links, attachments in e-mail, advertisements, but also through targeted attacks on servers. Once inside, the ransomware spreads itself. The software blocks access to your computer or network, or encrypts your files. Through a pop-up, the criminals behind the attack demand payment, often in bitcoin or another crypto currency.
What can you do after a ransomware attack?
What should you do if you have been attacked? First of all, contact your IT administrator if you have one. You can also do this:
1. Investigate which ransomware is involved
You need a decryption key to unlock your files. Luckily, the keys to certain older ransomware are known. You can check this on nomoreransom.org, an international partnership between security companies and the police. Removing ransomware from your systems is quite complicated, so it is best to call in an expert.
2. Do not pay ransom
Of course, that’s easier said than done. And there definitely are companies that have no other option. In the first two months of 2020, 26% of international organisations paid criminals a ransom after an attack with malicious software. But paying criminals only perpetuates this form of crime. That is why Europol advises: do not pay. Report the attack to your police.
It’s always better to stay one step ahead of cyber criminals. As an entrepreneur, you can take a few precautions against ransomware.
3. Invest in backups
A backup, especially if you keep it in an external location, is good protection against ransomware. It means you don't even have to consider paying a ransom for your data. The Sophos study that was mentioned earlier showed that 56% of attacked organisations worldwide eventually got their data back through their own backups.
4. Use good antivirus programs
It sounds obvious, but only good virus scanners that recognise ransomware will keep you properly protected and able to fend off attackers. Of the companies that were attacked in early 2020, almost a quarter managed to thwart the attack before their files were encrypted.
5. Update your software
Cybercriminals use software vulnerabilities to enter your system with ransomware. Make sure you fix vulnerabilities in time. For example, by updating the software you use.
6. Stay alert
Experts warn: humans are a weak link in data security. Clicking on a link or opening an attachment only takes a second: so be careful. Always be suspicious of e-mails from strangers, and make sure that your employees do not receive private e-mail via the business e-mail address.
- If you have fallen victim to cybercrime, it’s a good idea to report the crime to law enforcement in your country. Reporting mechanisms vary from one country to another.
- Most European countries also have a National Cyberdesk where you can report your cyber incidents.
- Dutch resources for if you are based in the Netherlands:
- The Fraudehelpdesk (Fraud Help Desk) can advise you in the event of an attack and, if necessary, refer you to another organisation.
- The Digital Trust Center (DTC, in Dutch), set up by the Ministry of Economic Affairs and Climate Policy, provides further explanation about what you can do if your computer system has been held hostage by software.
- The National Cyber Security Center (NCSC), established by the Ministry of Justice and Security, combats cybercrime in the Netherlands.