You will probably have heard on the news, via friends or social media about the Ransomware attack on the NHS today, with over 25 NHS Trusts and many GP practices affected. There are also many other global organisations being targeted today, such as FedEx.

Please therefore find some useful guidelines below from our security advisors at SCA which we are sharing with you for the benefit of our members.

Ransomware is a malicious form of software that targets your most treasured files and then encrypts them so you can’t open or access them. The only way you can regain access to your files is by entering a code that removes the encryption, or by restoring from a backup. To get the code you have to pay a fee to the cyber criminal who has created the ransomware and locked you out of your own files.

The charge for an individual is normally a relatively small amount of money, a few hundred pounds perhaps, but for businesses the fees can be the equivalent of thousands of pounds.

How does it work?

Ransomware gets onto your PC, Mac or Network in a variety of ways – perhaps through an infected email, hijacked blog site or malvertising (an advert on a website carefully crafted to infect your machine).

We are pretty sure the NHS attack came in via email, with a targeted subject line of “Clinical Results”. I am sure many doctors, nurses or other clinicians opened an email with that subject header.

Once in, it will do its worst, sometimes taking several days to reveal itself. That is the point at which it displays the ransom request.

The way ransomware normally works is that you have to buy one or more ‘bitcoins’ to pay for the code to unlock your files. So you are not paying this fee into someone’s bank account, where it could easily be traced, but making your payment to a much less traceable bitcoin address.

A bitcoin is a form of digital currency which is held in a digital wallet – it is not physical currency in the traditional sense but it has value on the internet and bitcoins cost real money to buy.

IF you get the code from your ransomware perpetrator, you can enter it to have your files unlocked, and your laptop/PC is unharmed, but of course you’ve had to pay out an amount of money to make that happen.

What makes matters worse from the perspective of the victims of ransomware is that there is normally a limited timeframe within which you must buy the code or else the code will be destroyed and you will then never be able to unlock your files. That or the price keeps increasing as the time ticks by. The purpose of this function of course is to make ransomware victims panic and pay whatever fees are being demanded right away.

How to protect against ransomware

Option 1: You can wait for a ransomware attack to happen and hope that by the time they get to your files the anti-virus software you have in place will kick in and block these cyber thieves from doing any damage. This is not exactly recommended as many of these infections will disable your anti-virus before making themselves known. It’s clear the NHS’ security systems failed them today.

Option 2: You can buy an external hard drive and back up your files and data daily. The only problem with this is that ransomware is getting smarter and increasingly difficult to detect and protect against.

These malicious forms of software are beginning to infect devices several days before their creators ask for a ransom and their bitcoin payments.

The way it often works now is that ransomware effectively locks a few of your files over a period of 2-3 days without you necessarily noticing that anything is wrong, which makes it very difficult subsequently to know which of your files are and which aren’t infected. So the backup from yesterday will no doubt contain the encrypted files when you restore it.

Additionally, unless you have more than one external hard drive and swap them over a period of say one week, the ransomware will also silently encrypt your external drive while it’s connected.

Option 3: Cloud backup. What’s great about cloud backup is that it backs up files automatically over an extended period of time, which means you can go back and access files from days, weeks and months earlier without any problem. If configured properly, it’s also a “set and forget” product, meaning you do not need to keep remembering to back up.

Cloud backup is a more expensive way of securing your data and your files as compared with using an external hard drive but it is also a great deal safer and more secure. So it is well worth the investment if you are concerned about the potential consequences of being denied access to the files that are most valuable to you or your business.

Do note that there is a significant difference between a cloud backup service and cloud storage platforms like Dropbox.

The key distinction is that cloud storage platforms typically replicate everything on your PC – and if it takes several days for ransomware to show its face then your cloud storage may have been merrily replicating useless, encrypted files back up to the cloud and overwriting the files you may want to recover in the process.

Cloud backup, on the other hand, backs up the changes to your files every day and keeps them isolated so they are not overwritten, which means you can go back several weeks or even months and restore data from old files. So with cloud backup you can wrong-foot whatever ransomware comes your way, whereas with simple cloud storage platforms your files may not be fully protected.
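The difference between the two approaches can be shown with a small simulation, added here as an illustration (it is not code from SCA or from any backup product). It assumes two made-up PDF files, a harmless byte-scramble standing in for files that have become unreadable, and a simple "does the file still start with its PDF signature" check to decide whether a copy is intact.

```python
# Added illustration: cloud storage (mirror) vs versioned cloud backup.
# All file names and contents below are constructed sample data.
PDF_MAGIC = b"%PDF-"

def looks_intact(data: bytes) -> bool:
    """Heuristic (assumption): an intact PDF still starts with its signature."""
    return data.startswith(PDF_MAGIC)

def scramble(data: bytes) -> bytes:
    """Harmless stand-in for a file that has become unreadable."""
    return bytes(b ^ 0xA5 for b in data)

class MirrorStorage:
    """Sync-style storage: the cloud copy always matches the local copy."""
    def __init__(self):
        self.files = {}
    def sync(self, local):
        self.files = dict(local)          # older content is overwritten
    def restore(self, name):
        data = self.files.get(name)
        return data if data is not None and looks_intact(data) else None

class VersionedBackup:
    """Backup-style storage: every changed version is kept separately."""
    def __init__(self):
        self.history = {}                 # name -> [(day, data), ...]
    def backup(self, day, local):
        for name, data in local.items():
            versions = self.history.setdefault(name, [])
            if not versions or versions[-1][1] != data:
                versions.append((day, data))
    def restore(self, name):
        for day, data in reversed(self.history.get(name, [])):
            if looks_intact(data):
                return day, data          # newest version that is still readable
        return None

def simulate():
    local = {"results.pdf": b"%PDF-1.4 results", "rota.pdf": b"%PDF-1.4 rota"}
    mirror, backup = MirrorStorage(), VersionedBackup()
    damaged_on = {2: "results.pdf", 3: "rota.pdf"}   # one file per day, unnoticed
    for day in range(1, 5):               # ransom demand appears on day 4
        if day in damaged_on:
            name = damaged_on[day]
            local[name] = scramble(local[name])
        mirror.sync(local)
        backup.backup(day, local)
    return ({n: mirror.restore(n) for n in local},
            {n: backup.restore(n) for n in local})
```

By day 4 the mirrored storage holds only the scrambled copies, while the versioned backup can still hand back the day 1 version of each file.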

Many people now realise that ransomware attacks etc. are not a matter of “IF” but “WHEN”. So mitigation and education are much more powerful than relying on anti-virus alone.

We hope you have a good weekend and don’t have nightmares – but please do make sure you have a backup.