We only just discussed the growing threat of ransomware – cyberattacks where victims’ data is encrypted by attackers and they must pay a fee to have their data decrypted.

The University of Calgary confirmed this week that it has been forced to pay $20,000 in bitcoins to decrypt its email server and other files after a ransomware attack. Apparently, decryption has been successful so far as their email server is up and running once more.

hacked

No doubt the university felt they had no option but to pay up to retrieve their data, but doing so has dangerous implications. Not only might the attackers fail to hold up their part of the “bargain”, but more broadly paying ransoms encourages more attacks.

Worrying, a group of Citrix researchers report that 20% of UK businesses had no contingency plan in the event of a ransomware attack. 33% were stockpiling bitcoins in case of an attack, so presumably their contingency plan is to pay the ransom!

Vigilance is important in thwarting these attacks – using employee training, firewalls and virus detection software – but the only sure contingency plan is regular backups that are stored offline. Backups need to be verified, and the only way that can be properly done is to test them by attempting to restore from them onto test servers.

The UK government has some useful “10 steps to cyber security” advice. There are a number of advice sheets, and 10 Steps: Malware Prevention is particularly useful in the context of ransomware.