Should You Pay a Ransomware Request?

Ransomware is a form of malicious software (malware) that aims to extort money by encrypting your computer files, locking you out of them, and demanding a ransom for the decryption password.

How can I protect myself from Ransomware?

Ransomware exploits known security vulnerabilities. Make sure all your systems and applications are always updated, as this reduces the risk of malware infection.

Ransomware normally arrives via phishing (scam emails and texts). Make sure your staff know how to spot a scam email or text.

Should I pay a Ransomware request? What does law enforcement advise?

Remember that GMP and all law enforcement do not encourage, endorse, or condone the payment of ransom demands. If you ignore this guidance and pay the ransom:

  • There is no guarantee that you will then gain access to your data or device(s).

  • Your computer will still be infected.

  • You will be paying a criminal group.

  • You're more likely to be targeted again in the future.

Back in January, the Scottish Environment Protection Agency (SEPA) confirmed it was the victim of an ongoing ransomware attack. SEPA had about 1.2GB of data stolen from its digital systems on Christmas Eve, and it decided not to play ball with the cybercriminals.

Ransomware is a scourge that is costing organisations billions of pounds, and every time a victim pays, it fuels further attacks. Sadly for SEPA, this is far from over.

How can I protect my business from losing access to my data by ransomware?

It's important that you take steps to protect your business from losing access to its data through ransomware, as well as from the risk of data theft.

  1. Make regular backups - Making sure that you have up-to-date backups is the most effective way of recovering from a ransomware attack. Make regular backups of your most important files and ensure you create offline backups that are kept separate from your network and systems. They should be kept in a different location (ideally offsite), or in a cloud service designed for this purpose.

  2. Prevent malware spreading - Reduce the likelihood of malicious content reaching your devices through a combination of filtering to only allow file types you would expect to receive, and blocking websites that are known to be malicious. Public sector organisations are encouraged to subscribe to the NCSC Protective DNS service. This will prevent users from reaching known malicious sites.

  3. Prevent malware from running on devices - Take steps to prevent malware from running. The measures required will vary for each device you have and its operating system. You should look to use device-level security features. It's recommended that organisations centrally manage devices and only allow users to use trusted applications on work devices (only AppStore applications on Apple devices, for example). Install antivirus or anti-malware products and keep them up to date. Don't forget to provide security education and awareness training to your staff.

  4. Prepare for an incident - Identify your critical assets and determine the impact to these if they were affected by a malware attack. Develop an internal and external communication strategy. Make sure that the right information reaches the right staff members or external partners quickly and efficiently. Make sure you are aware of the legal obligations when reporting an incident to regulators, and understand how to approach this.
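Step 2's advice to filter so that only expected file types get through, sketched as an added example (not code from CRCGM or the NCSC): it reads an email, allows an attachment only if its final extension is on an allow-list and its first bytes match that type, and blocks everything else. The allow-list contents and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed allow-list: extensions this business expects to receive, each with
# the leading bytes a genuine file of that type starts with.
EXPECTED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

def check_attachments(raw_message: bytes):
    """Return (filename, verdict) for every attachment in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Only the final extension counts, so "invoice.pdf.exe" is an .exe.
        ext = PurePosixPath(name.lower()).suffix
        data = part.get_payload(decode=True) or b""
        if ext not in EXPECTED_TYPES:
            verdict = "block: file type not expected"
        elif not data.startswith(EXPECTED_TYPES[ext]):
            verdict = "block: content does not match extension"
        else:
            verdict = "allow"
        results.append((name, verdict))
    return results

def build_sample_message() -> bytes:
    """Constructed sample email with three attachments (placeholder content)."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.7 sample", maintype="application",
                       subtype="pdf", filename="report.PDF")
    msg.add_attachment(b"not a document", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"not a document", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in check_attachments(build_sample_message()):
        print(f"{name}: {verdict}")
```

Unknown types are blocked by default, so adding a new expected file type is a deliberate change to the allow-list.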

Further Guidance

  • Sign up for our Free Core Membership. We're committed to raising cybersecurity and resilience across Greater Manchester. This includes supporting businesses, academia, and the charity sector, as well as employees.

  • Sign up for the Cyber Essentials certification scheme, so your customers and partners can see that you have addressed any risks.

  • Cybersecurity incidents can be reported to Action Fraud.

  • Follow the NCSC guidance on protecting your organisation from phishing attacks.

Former cybersecurity chief has called for the law to change

Ciaran Martin, who ran the National Cyber Security Centre until last August, has called for a law change and warns that the situation is ‘close to getting out of control’. Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack.

He told The Guardian in January: "At the moment, companies have incentives to pay ransoms to make sure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry."

NCSC guidance on Ransomware includes:

  • Protecting bulk personal data - 15 good practice measures for the protection of bulk data held by digital services.

  • Logging and protective monitoring - Help for organisations from choosing and purchasing devices to the guidance you give to employees.

  • Mitigating malware and ransomware attacks.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.