Latest News

Ever watched one of those classic hostage movies? Air Force One, Speed, Inside Man or even that unforgettable scene in The Dark Knight with the Joker, Batman and the immobilised twin ferries full of hostages drifting on the river. They might make for great cinema, but if you stop for a second to think about the emotions of the characters in those scenes it makes for some uncomfortable thoughts.

What were those people feeling? Fear. Helplessness. Vulnerability. The terror that your fate is in the hands of someone else.

But what if you are unfortunate enough to become one of many managers or owners of a small or medium sized business who was subject to a ransomware attack? Chances are you’d feel a lot of one similar emotions. Because the ‘bad guys’ playbook is exactly the same. 

What is ransomware?

$322,000. That’s the average amount that organisations who were actually ‘taken hostage’ by the attacks paid to hackers to get released.

This is based on data from 5,600 medium-sized businesses just like yours.

Ransomware is a type of malicious computer code. The usual goal of the code is to infect your computer or network and perform a pretty specific action: to take your system, data and access hostage by ‘locking it up’ away from your reach until a ‘ransom’ is paid by you. But there are plenty of variations on this theme. 

What are the types of ransomware attacks? 

Just like poisonous snakes, there are a wide variety of ransomware types and it can be helpful to know what you’re dealing with. We’ve put together a straightforward guide to some of the most common types out there:

• Encryptors: these can also go by ‘crypto ransomware’ and are probably the most common type of ransomware out there. They take all the data in a system, encrypt it to make it unusable to you. The ‘fix’ is a decryption key – for a fee of course.
• Lockers / lock outs: this type of ransomware is the classic ‘hostage taker’ that puts some big impenetrable walls around your system, locks you out and then asks for a ransom payment if you’d like to get the key to your systems and data back. Often, these are paired with tactics designed to increase fear and urgency like a countdown timer or a threat to delete all files if the ransom isn’t paid in a set amount of time.
• Scareware: this method is slightly less confrontational but plays heavily on fear. A bug latches onto your system then continually reminds you and your staff of a virus or vulnerability that it will reveal to you in exchange for payment. 
• Leakware / doxware: our data is private which means that threatening to leak it online is a powerful tactic used by scammers. A common profile of these scam claims to have detected ‘illegal activity’ or lists the names of sites that the user has visited that they may prefer others not know about. This tactic is especially effective when targeting employees or managers who might have accessed non-work sites on work computers. 

What steps can I take to protect against ransomware?

There is no one single solution to protect against ransomware. No two businesses are the same and many factors need to be considered when developing your cyber security strategy which should always cover the 3 pillars of people, process and technology.

Basic ‘computer hygiene’ such as having anti-virus software, performing regular system-wide software updates, having effective backups in place, enabling multi-factor authentication and automatically restricting what external applications are able to be installed on a work station are  some basic practices every business needs to have embedded.

Regular in-person training, education and quizzes are critical because any employee clicking the wrong link or giving information to the wrong person can be the ‘point of entry’ for a ransomware attack.

If you would like to put in place some additional layers of protection around your business-critical systems and software then feel free to contact us at any time. We are local, professional cyber security experts and can do a thorough assessment of your needs and system weaknesses before recommending a tailored plan to help close those gaps in your defences.