What is ransomware?
Ransomware is a type of malware that disables your IT system and prevents you accessing your data, usually by encrypting files. A criminal group will then demand a ransom in exchange for decryption. Ransomware is now the biggest cyber threat to UK businesses.1
How to prevent ransomware
- Layers of defence: Use layers of defence to help you detect malware and stop it causing harm
- Backup files: Make regular backups of critical files. Store offline backups in a different location from your network and systems, or in a cloud service designed for this purpose
- Take initiative: Guard against malicious content reaching your devices, for instance by filtering file types and blocking malicious websites
- Antivirus and anti-malware software: Prevent malware from running if it does reach your company devices by using up-to-date antivirus or anti-malware products and technologies on all devices, including mobile phones and tablets, such as AppLocker
- Vet suppliers: Ensure your suppliers have the right level of protection
- Employee Training: Train employees to be aware of the threat and vigilant about suspicious activity – malware is often delivered via email attachments
- Plan for an attack: Think through the potential impact of a ransomware attack, and how you would continue to operate critical services while you rebuild.
What to do if you're a victim
- Ransoms: Paying the ransoms demanded by cyber criminals only encourages further attacks. There is no guarantee it will get results – in one survey, 25% of organisations that paid a ransom did not retrieve their stolen data1
- Immediately: Disconnect infected devices from the network and turn off wi-fi
- Reset credentials: Ensure you reset any compromised credentials, including passwords
- Infected devices: Safely wipe infected devices and reinstall the operating system
- Backups: Verify backups are free from malware before restoring
- Antivirus and anti-malware software: Install and update antivirus, and anti-malware, software before reconnecting to your network
- More detailed guidance: Provided by the National Cyber Security Centre. The No More Ransom project has a selection of keys and applications to decrypt data locked by different types of ransomware.
Wake up to the reality of ransomware
FAQs on ransomware
Barclays’ experts answered frequently asked questions about ransomware attacks and how to respond.
Many criminal groups are profiting from these attacks, explains Sarah Michaels, Head of Strategic Cyber Intelligence at Barclays. It’s not just the threat actors themselves, but the affiliates and access brokers who provide the malware that are making money.
“This is a business model that is highly profitable for criminals,” Sarah says. “We have seen the amount of ransoms demanded, and the amount paid, just go up and up over the last 12 to 15 months. So we've seen ransoms on the order of 50 to 70 million US dollars.”
Paying a ransom feeds a vicious cycle, says Nimesh Patel, Global Head and Director of Third Party Security Assurance & Monitoring at Barclays. “Companies should do everything they can to have the best controls in place, so they can avoid paying the ransom.”
Similarly, the rising number of companies taking out ransom extortion insurance risks backfiring. “We've actually seen these criminals trying to obtain information about the value and extent of company's cyber insurance policy so that they know how much of a ransom to ask for,” says Michaels.
Cybercriminals are targeting companies that have high value assets or hold high value data, or those that are more sensitive to any downtime. But this doesn’t mean smaller companies are at less risk.
“A big payout is enticing, but it may be more difficult to secure,” Patel points out. “Lots of companies at £5,000 each is still a pretty decent payout.”
Your next steps
To report any fraudulent activity, or attempts, contact Barclays Corporate fraud on 0330 156 0155* or if calling from overseas dial +441606566208.
If you receive a suspicious email, send it as an attachment to firstname.lastname@example.org and delete the email immediately.
Are you protected?
To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.
Fraud and Scam Toolkit