Consumer Blog: Don’t join the Moray firms forced to pay a ransom

A US version of a Ransomware message

We learned recently of at least one Moray company that has been faced with the dilemma of either scrapping their computer records and starting again – or pay a fee to an overseas based hacker to unlock their vital data.

Known as ‘ransomware’ it is a practice that is becoming increasingly common – and the really worrying part of it is that the authorities seem completely unable to do a thing about it.

So what is this new threat? In common with all of the most effective scams it is a remarkably simple concept – and as with many of these particular scams can trace its birth to Eastern Europe, in this case Russia.

It belongs to a class of computer virus known as ‘malware’, a nasty piece of computer programming that is implanted into the unwary (and unprotected) computer usually having been hidden as part of a legitimate piece of software and downloaded by an unwary individual.

The ransomware code comes in various forms but commonly will either encrypt files on the target computer or simply lock the system, leaving the user with a message that invites them to pay for instructions required to unlock the infected computer.

Police in the UK have received thousands of complaints from companies and members of the public about such attacks in recent years, correctly seeing the demands for cash to unlock their systems as an illegal act – effectively holding them to ransom.

While official advice is not to pay, privately law enforcement agencies in the UK and around the world are well aware that the chances of recovering data without paying up are pretty much close to zero.

Staying free from ransom

As with all crime the answer is in prevention measures before you are placed in such a position – and, in the very least, following backup procedures that have been the mantra of computer professionals from the dawn of the personal computer – but, sadly, so rarely followed (even by computer professionals themselves who really should know better).

Here then is the insideMoray guide to avoid you or your company being left with the impossible decision on if to pay the online blackmailer or rebuild possibly years of data collection. In effect, most of this is common sense – but the number of people failing to adhere to such common sense is almost as frightening as the scammers themselves.

1. Backup strategy

Programmes can be replaced from master copies or re-downloading purchased software – but data replacement is never so simple. So back it up – regularly, no exceptions, no excuses, backup programmes are freely available online. For the greatest security, backup as a matter of routine every day – preferably onto an external hard disk that you then disconnect from your system between backups.

2. If in doubt – Don’t Click that link!

The most common delivery of malware is via email attachments – it is all too easy to click on that attractive looking invitation. Simple answer is think twice every time – be suspicious, even if the mail does appear to be from someone you know and trust. Microsoft have some pretty decent advice on this online at http://www.microsoft.com/en-gb/security/online-privacy/phishing-symptoms.aspx.

3. Install anti-Malware and Virus protection

There are many programs that keep your systems safe and again are free – there is simply no need to pay for such software. Microsoft Security Essentials for example – available at http://windows.microsoft.com/en-gb/windows/security-essentials-download

Incidentally Microsoft also have a free safety scanner that is updated approximately every ten days and is a useful first-step into ensuring your system has at least a basic level of protection from malware and other virus threats – you can download and find more about that at http://www.microsoft.com/security/scanner/en-gb/default.aspx

We always welcome feedback to insideMoray’s consumer blog – tell us what issues you are worried about or indeed ‘put us right’ if you disagree with advice we are providing. Email us at editor@insidemoray.co.uk.

Leave a comment