Cyber ransoming: A growing parasitical business for UK hackers

'There are minimal overheads and profits can be limitless'

Christina Zhao
Wednesday 12 April 2017 17:21 BST
One hacker can steal thousands with the click of a button

Cybercriminals are increasingly targeting UK workers' files and data, and the Metropolitan Police have warned that “no one is safe”.

The FBI, Metropolitan Police, and security experts all agree that cyber ransoming has fast become one of the UK’s biggest economic crimes.

Unpredictable, unstoppable and potentially fatal to a business, the rapid emergence of ransomware has become a threat to people across the nation.

August Graham, the editor of the Sentinel, arrived at work one morning last summer to find a note pop up on one of the computer screens. It informed him that all the files on the firm’s server had been encrypted and were being held ransom.

He was told he had to pay £500 to get them back, or they'd be destroyed.

Last year, 54 per cent of businesses in the UK were hit by ransomware attacks, according to a survey by Osterman Research on behalf of Malwarebytes. In 20 per cent of the cases, it stopped business operations immediately.

The average ransom demanded is £520, but some can be enormous. Three per cent of UK companies that have been hit by ransomware reported a charge of over £50,000 to recover their data.

Gary Miles, the detective chief inspector of FALCON (Metropolitan Fraud and Linked Crime Online), described cyber ransoming as “the crime of choice” right now.

“For a criminal, the cyber ransoming business model is very attractive," he said. "There are minimal overheads and profits can be limitless.”

If you measure risk against reward, it's no wonder ransoming has doubled each year since its 2012 emergence. Robbing one computer at a time violently using a knife or gun doesn’t scale well.

However, one hacker can rob thousands with the click of a button.

What is ransomware?

In the first stage of a ransomware attack, a target will receive an email appearing to contain a legitimate attachment, such as an invoice or link to a website. Most people will have come across one of these infected messages.

In the past, they've tended to be written in broken English and easy to spot, but hackers have skilfully refined their techniques.

If the victim takes the bait and engages with the content, the second phase begins. The malicious code in the attachment will then be released onto the victim’s machine and spread fast.

It will encrypt all files and folders in local drives, attached drives, backup drives and other computers on the same server. In no time, all files will become corrupt and inaccessible.

The ransom note will then appear on the computer screen. Demands can range from a couple of hundred to several million, depending on how much the hacker thinks the organisation will pay.

What to do if you're targeted

Ransomware attacks are not just proliferating, but becoming increasingly targeted too. Blocking one is extremely difficult. Defenders are like the batters in a cricket game, who need to deflect every ball thrown at the wicket. Hackers just need to knock the bails once to win.

A survey by Trend Micro found that 65 per cent of UK businesses hit by ransomware last year paid the ransom, despite all security agencies and police forces advising against complying with attackers’ demands.

Explaining why victims should not pay up, Pascal Geenens, Radware's security evangelist for the EMEA region, said, “Firstly, there is no guarantee that you will recover your data and secondly, even if you do recover your data, hackers may come back at a later date demanding an even larger ransom.”

Geenens says companies must place an emphasis on prevention by educating employees and putting protective technologies like firewalls, antivirus software and intrusion detection systems in place.

On top of that, companies are encouraged to establish a disaster recovery plan, so that if a breach happens, there is a plan to minimise the damage. A company must concentrate on strengthening those things in order to make itself less susceptible to ransomware. Once it happens, it’s too late.

Cybersecurity firms also encourage companies to back up their systems frequently.

“It should be done at least every hour,” said Mr Geenens. “That way, if an attack happens a company need only reboot their systems to the last point of backup.”
