Ransomware FAQs: Your questions answered

Ransomware attacks are a real threat for businesses of all sizes across the UK, and it’s not just a matter of “if” you’ll be targeted, but “when”. But despite the obvious threat, a Fortinet survey found that although 78% of businesses felt well prepared for an attack, 50% still fell victim to ransomware in the last year.

In this guide, we’ll answer some of your most common questions about ransomware. Whether you’re new to the topic or looking for a deeper dive, we’ve got you covered.

Ransomware basics

• What is ransomware? Ransomware is a type of malicious software (malware) that encrypts your files, making them inaccessible. Cybercriminals then demand a ransom payment in exchange for the decryption key.
• How does ransomware work? Ransomware typically spreads through phishing emails, malicious attachments, or by exploiting vulnerabilities in your software or systems. Once it infects your device, it encrypts your files and displays a ransom note demanding payment.
• How do businesses get infected with ransomware? Businesses often get infected through employee error, such as clicking on a malicious link in an email or downloading an infected attachment. Outdated software, weak passwords, and inadequate security measures can also increase the risk of infection.
• What happens if I get infected with ransomware? If you get infected with ransomware, your files and systems will be locked, and you’ll be unable to access them. You’ll receive a ransom note demanding payment, usually in cryptocurrency like Bitcoin, in exchange for the decryption key.
• Should I pay the ransom if I get infected with ransomware? The National Security Centre NSCC advises against paying the ransom. There’s no guarantee that you’ll get your data back, and paying the ransom could encourage further attacks.

Ransomware next steps

• What are the different types of ransomware? There are many different types of ransomware, each with its own unique characteristics. Common types include:
  • Crypto-ransomware: The classic ransomware that locks your files and folders, demanding a ransom for their restoration.
  • Locker ransomware: Locks an entire device, making it totally unusable.
  • Scareware ransomware: Uses pop-up ads or spam emails to frighten users into downloading malicious software or paying for unnecessary ‘fixes’ that steal personal data.
• How can I protect my business from ransomware? You can protect your business from ransomware by implementing a layered security approach that includes regular backups, strong passwords, Multi-Factor Authentication (MFA), employee training, and security solutions like firewalls and antivirus software.
• What should I do if I suspect a ransomware attack? If you suspect a ransomware attack, immediately isolate the infected devices from your network, disconnect them from the internet, and report the incident to the NSCC. Do not attempt to pay the ransom.
• What is a ransomware incident response plan? A ransomware incident response plan is a written guide that details the actions to follow when a ransomware attack occurs. It includes communication protocols, data recovery procedures, legal considerations, and more.
• How can I recover from a ransomware attack? Recovering from a ransomware attack depends on the specific type of ransomware and the availability and quality of backups. In some cases, it may be possible to decrypt the files without paying the ransom. However, if backups aren’t available, data recovery may be difficult or impossible.

Advanced ransomware questions

• What are the latest ransomware trends? Ransomware attackers are constantly evolving their tactics. Some recent trends include double extortion (threatening to leak stolen data), triple extortion (targeting customers and partners), and RaaS (Ransomware as a Service).
• How is ransomware evolving? Ransomware is becoming more sophisticated and targeted. Attackers are now focusing on specific industries and organisations, and they are demanding larger ransoms.
• What are some of the legal and regulatory implications of ransomware? Ransomware attacks can have significant legal and regulatory implications, such as data breach notification requirements, fines, and lawsuits. This is on top of the financial, operational, and reputational damage that ransomware can cause.
• How can I ensure my backups are protected from ransomware? To protect your backups from ransomware, store them offline or in a separate, secure location that is not connected to your network. You should regularly test your backups to make sure they are working correctly. A Veeam-powered solution like Zen’s Backup as a Service (BaaS) is a powerful cloud-based option.

Understanding ransomware is crucial for protecting your business. By educating yourself and implementing best practices, you can significantly reduce your risk of falling victim to this cyber threat. If you have any further questions or need assistance developing your ransomware protection strategy, get in touch.