Ransomware: statistics, protection and removal

Security companies around the world are calling ransomware the biggest cyber security threat we face in 2016. The USA and Canada joined forces earlier this year to release a joint cyber security alert: “Infections can be devastating to an individual or organisation, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.”

Ransomware is a form of malicious software (malware) that takes over a computer or internet device in a number of ways. There is typically a demand for payment of some kind to stop the attack. Encrypting ransomware encrypts a user’s system files in some way, while locker ransomware locks a victim out of their operating system and makes their files and apps inaccessible. Both types of ransomware ultimately seek to get the victim to pay a ransom to regain control of their computer. In some cases payment ends the attack, but this is not always the case.

“There is an alarming rise in the number of ransomware attacks against businesses around the globe. These attacks are intelligently orchestrated and present a real challenge to businesses of all sizes.”

Key ransomware statistics

  • Mobile ransomware attacks increased nearly 4 times from 2014-2015 to 2015-2016.
  • The number of attacks increased by 17.7% during the 24-month period from 2014-2016.
  • 54% of UK businesses surveyed by Malwarebytes had been hit by a ransomware attack. An average of 37% of these ended up paying a ransom to the attacker.
  • Financial services was the most targeted UK industry, accounting for 38% of all attacks in 2015.
  • Ransomware accounts for 25% of all UK cyber attacks.

Where ransomware started

Ransomware has been around for a long time. Sources claim the first known ransomware, PC Cyborg, was written in 1989. The first major ransomware epidemic began in 2010 and targeted users in Russia and surrounding countries. The problem got so out of hand that law enforcement got involved and arrested a number of individuals accused of creating the blockers. An estimated 12.5 million euros were extorted from victims.


What ransomware does

Ransomware generally enters a PC through a suspicious website, an Internet download or through phishing emails. In order to take over the device, ransomware must be downloaded, although this often happens automatically or through deceptive means. When sent via email, the email will contain a link a user clicks thinking it is something else. This clears the pathway for ransomware to enter the computer via an automatic download. Adverts seen on websites can also be infected. These adverts are typically disguised in a way that seeks to confuse the computer user, for example in the form of a competition pop-up or as a “You’ve Won Something” advert. Some messages make use of official marks like Police logos, which lure users into inadvertently downloading the ransomware. Computers and servers are most commonly infected, but mobile ransomware is on the rise.

Who carries out ransomware attacks?

Professional cyber criminals are behind these attacks. Attacks are planned to deliberately deceive people into handing over money in order to free the device from ransom. Money is often requested in the form of Bitcoins, an electronic currency that is difficult for authorities to trace. No single country is responsible but China, Brazil, Russia, Nigeria, Vietnam, Indonesia, USA, Romania, Eastern Europe and South Korea are often quoted as major attack originators. The truth is, anyone with an internet connection and enough savvy could carry out an attack; these attackers know what they’re doing and they plan these attacks en masse. Cybercrime has become increasingly intelligent and poses a serious risk to computer users around the globe. More and more businesses are now being targeted, where previously these attacks were largely directed at home users.

Top regions affected by ransomware

On the day of writing this article, Vietnam, USA, Russia, Germany and India were the most targeted countries. The figures change continuously, but anyone with an internet-connected device can fall victim to a ransomware attack. Corporate ransomware attacks doubled from the period 2014-2015 to 2015-2016, from 6.8% of attacks to 13.13% respectively. Home users remain the largest target group, receiving 93.2% of all attacks in 2014-2015. Given that most attacks go unreported, the scale of the epidemic is mind-blowing (Kaspersky, June 2016). Visit https://cybermap.kaspersky.com/ to see an interactive map of cyber threats as they occur around the world.

11 ways to protect yourself against ransomware

1. Backup

Nothing gives you more peace of mind than a regular backup. If your computer is held to ransom, you can wipe it and restore your files from the backup. Network backups are not immune if you fall victim to an attack, so it can be best to use a cloud or local backup. If you’re using a local backup device, don’t keep it connected continuously. If it’s connected and you’re attacked, your drive is also at risk.
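One way to check that a backup copy has not been caught up in an attack before you restore from it, as an added example that is not part of the original article: the script records a hash and an entropy value for every file, then flags files that have since turned into near-random data. The function names, thresholds and sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: roughly 4-5 for text, close to 8 for encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: Path) -> dict:
    """Manifest of a backup folder: relative path -> (SHA-256, entropy of first 64 KiB)."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            manifest[path.relative_to(root).as_posix()] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return manifest

def audit(old: dict, new: dict, high=7.5, jump=2.0, ratio=0.5) -> dict:
    """Compare two manifests. Thresholds are illustrative assumptions, not tuned values."""
    changed = [p for p in old if p in new and old[p][0] != new[p][0]]
    missing = [p for p in old if p not in new]  # renamed or deleted since the snapshot
    # A file that was readable text and is now near-random is the pattern encryption leaves.
    suspicious = [p for p in changed
                  if new[p][1] >= high and new[p][1] - old[p][1] >= jump]
    damaged = len(suspicious) + len(missing)
    return {"changed": changed, "missing": missing, "suspicious": suspicious,
            "restore_safe": not old or damaged / len(old) < ratio}

def demo() -> dict:
    """Constructed sample: three small documents, two later replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("invoice.txt", "notes.txt", "report.txt"):
            (root / name).write_text("Quarterly figures and meeting notes.\n" * 200)
        before = snapshot(root)
        for name in ("invoice.txt", "notes.txt"):
            (root / name).write_bytes(os.urandom(8192))  # stands in for encrypted content
        return audit(before, snapshot(root))

if __name__ == "__main__":
    result = demo()
    print("suspicious:", result["suspicious"], "restore_safe:", result["restore_safe"])
```

Keep the manifest somewhere the backed-up machine cannot write to, otherwise an attacker who reaches the backup can alter the manifest as well.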

2. Filter your emails

This can’t be emphasized enough. Emails are gateways into your computer so make sure you check what’s coming in. Be wary of emails from addresses you don’t recognise and treat everything you don’t recognise as suspicious in the first instance. An enterprise grade email solution can reduce the amount of spam you receive by up to 99%.

Filter through any emails that are quarantined and immediately remove anything that looks suspicious. Email applications like Gmail come with built-in email filtering and a spam quarantine feature out of the box. The key is to take adequate precautions and to be wary at all times – do this and you’ll thank yourself later.

3. Stay updated

Operating systems are continuously updated in response to new threats that emerge. Attackers search for known vulnerabilities that offer an entry point into a system. Outdated software is one of these gateways. Make sure your computers, servers and other devices are patched and up to date with the latest software version to further minimize your risks. It’s best to enable automatic updates, but if this isn’t suitable then make sure your software is updated as soon as new patches are released.


4. Protect your computer

Make use of a reliable anti-virus and anti-malware product from a reputable provider. Many come with built-in firewalls that offer an additional layer of protection. If you aren’t sure about what to use, speak to a provider who can give you more information. The companies behind these products make it their business to stay up to date with the latest threats faced by their customers, so it pays to go with a provider who’s in the know.

5. Take yourself offline as soon as you suspect an attack

This is by no means a reliable way of protecting yourself, but if you can disconnect before your computer is encrypted, you may avoid further damage to your system. If you suspect you’re under attack, disconnect your device from the Internet immediately. By doing this you may stop a malicious download in its tracks. Ransomware is primarily distributed through the Internet, so adopting this practice helps to avoid an attack if you can do it quickly enough. Attackers rely on human misjudgement, so be cautious and make sure you have other protection mechanisms in place.

6. Invest in a firewall

Firewalls go a long way in preventing the entry and spread of malicious files. It’s worth investing in a reputable firewall solution to serve as the first layer of protection into your network. This is particularly true for businesses. A firewall works as a barrier that prevents unwanted entry into your network. Think of a firewall as the fortified wall that surrounds a castle.

7. Layer up

Adopt a multi-faceted protection approach by making use of a reliable anti-virus, email filtering and robust firewalls. None of these methods are 100% reliable, so using multiple layers of security is always best practice. Make sure these items are configured correctly and consider consulting with a professional if you’re unsure.

8. Stay informed

Keep up to date with the latest developments in the cyber threat world and you’re less likely to become a victim. If something looks suspicious, it probably is, and you’re more likely to spot something suspicious if you know what you’re looking for. Attackers are using increasingly sophisticated methods of gaining entry to your computer, so keep yourself informed and educate your colleagues, friends and family. If you’re a business owner, it’s worth sitting down with your employees to ensure they know how to avoid accidental downloads of ransomware. User error is a main gateway for attack so prevent it and you’re halfway there.

9. Stay away from suspicious sites and adverts

Browse secure websites and stay away from sites that are likely to transmit suspicious files. Be wary of clicking on online adverts and make use of a pop-up blocker in your browser. If something looks suspicious, it probably is.

10. Keep privileges low

Avoid using your computer with administrator privileges enabled. This will go a long way to ensuring that vital system files can’t be damaged by an attack if ransomware is accidentally downloaded. If you’re responsible for setting privileges, keep user settings to the lowest appropriate privileges.

11. Outsource your security

Technology is a broad field and it’s not feasible to be up to date with industry movements when it’s not your day job. Partnering with a service provider who has expertise in this field makes your security a professional’s priority. Get in touch today to discover what we can do to help you. We are ISO 27001 certified and provide security services in line with global Information Security best practices.

7 ways to remove ransomware

If your system is already infected, you can try to remove ransomware using the tips below. It is highly recommended that you seek professional advice if you believe you have been infected with ransomware. A number of sources recommend that you do not enter any credit card details or your personal details in order to remove the infection. Paying to remove ransomware is not a guarantee that the infection will disappear and you may fall victim to further exploitation from the attacker. 

1. Restore your system

System Restore (enabled by default in Windows) can roll your system back to a time before you were attacked. Shut down your PC and when it reboots, press the F8 key continuously. This should display “Advanced Boot Options”. Select Repair your computer, then System Restore. Be aware that you may lose any files you’ve made since your last restore point.

2. Scan your computer ASAP

Use an online scanner and removal tool such as Bitdefender to automatically scan your system and remove any suspicious ransomware. If your computer is completely locked and you cannot remove the messages that appear, it is useful to follow the steps below to boot your computer in Safe Mode and attempt to run a scan from there. Download Bitdefender’s tool here:


3. Run your purchased anti-virus and remove any suspicious files

Run your anti-virus program and remove any quarantined files or those with warnings. If the ransomware prevents you from doing this, start your computer in safe mode and try running the software from there. 

4. Boot in safe mode

Restart your computer and press the SHIFT and F8 keys simultaneously. An Advanced Boot Options menu should appear. Select Safe Mode. Your PC will boot in Safe Mode. Once in Safe Mode, try running an anti-virus program to remove the ransomware infection. If you need to download an anti-virus product, make sure you boot in Safe Mode with Networking for continued access to the Internet.


5. Use task managers to force quit ransomware

Use Windows Task Manager or Force Quit on Mac to close your browser and then run an anti-virus program. If this doesn’t work you will need to boot in safe mode using the steps above.

6. Reinstall your operating system

Less than ideal, but often necessary, reinstalling your operating system can help to rid your computer of ransomware. Try reinstalling the operating system by using the discs that were included when you purchased your computer. This worst-case solution is far less damaging if you have made thorough use of reliable data backup. We strongly recommend you implement a reliable data backup solution if you are not doing so already.

7. Contact a professional

If you are not confident about removing ransomware yourself, it pays to speak to a professional. We have successfully removed and prevented ransomware attacks for businesses throughout Hertfordshire, Bedfordshire, Buckinghamshire and London. iQuda is ISO 27001 and Cyber Essentials Certified. Get in touch to find out how we can help you.