Yesterday, three people were arrested in Stoke-on-Trent following an investigation into ransomware by officers from the Police Central e-Crime Unit (PCeU).
Ransomware commonly uses popup pages which contain blackmailing messages, telling the recipient that their computer has been locked by the FBI or another policing body, and that they must click to pay a fee in order to regain control. Earlier this week, a medical centre in Australia was subjected to a more sophisticated ransomware attack, in which thousands of patient records were encrypted by hackers who subsequently demanded £2,600 in order to release the information.
Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments: “Ransomware unfortunately looks to be a huge new threat to computers and IT systems, both personal and corporate. While point security tools, such as anti-malware software, can be utilised to remove the ransomware once a machine has been infected, they have repeatedly proven their various limitations over the past few years. Furthermore, the aim should be to prevent the malware from even being installed in the first place – nobody should be subjected to having their network data held captive by cyber criminals.
“For organisations, this is especially important, as not only would their sensitive corporate data be breached, but their whole business operation could grind to a halt. As such, instead of focusing their resources purely on point security solutions, the increasingly sophisticated nature of today’s cyber threat calls for continuous, protective monitoring of IT networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all.
“Usually, ransomware hijacks do turn out to be a simple demand for money to unlock the PC, but often hackers may also install infected computers with backdoors that anti-malware software may not detect, which allows them to gain further access to the computer’s data at any time. Only by having centralised systems in place that can collect and analyse – but, most importantly of all, add context to data as and when it is generated – can any abnormal behaviour in IT log data be alerted on, allowing for the immediate identification and prevention of ransomware and its associated problems.”