What is Ransomware?

Ransomware is a type of malware (malicious software) that infects your system and takes control of your files and data. Once a system is infected, companies ordinarily see a message displayed on devices explaining that files are inaccessible until a ransom is paid. Cybercriminals will demand payment in the form of a digital currency such as Bitcoin, as the transfer would be untraceable. The attacker often extracts a copy of the data, which is then used to further extort money from the victim under threat of making the information public.

Ransomware is a fast-growing trend, both in the number of attacks and the value of ransom demands. In fact, it is becoming one of the most common forms of cybercrime. Ransomware attackers are typically either organized crime groups or, less frequently, state actors operating on behalf of governments.

Who is targeted?

Any individual or company, large or small, could be targeted by ransomware. There is potential financial reward for threat actors in every attack. However, the recent surge in ransomware incidents is attributed to two major shifts in cybercriminals’ approach:

  • The focus is moving from smaller companies to larger corporate organizations and multinationals as they are more likely to pay the attacker to avoid substantial business disruption and the ransoms paid are higher. Targeting large organizations is known as ‘big game hunting’.
  • Ransomware no longer confines itself to just encrypting data. The more advanced ransomware is designed to steal information alongside the encryption or to disable or even to delete data back-ups that are connected to the network. All are carefully designed to put pressure on victims to pay up.

Furthermore, the risk of a successful ransomware attack has significantly increased because of expanded remote work across all organizations.

Although any company or individual may be vulnerable to ransomware attacks, recent data shows that ransomware attackers have shifted to target those that handle sensitive information, such as law firms or healthcare companies. These companies are seen to be more likely to pay in order to protect the sensitive or confidential information they hold.

Companies that handle the following data types are likely to be more attractive to ransomware attackers:

  • Personally identifiable information (PII)
  • Protected health information (PHI)
  • Intellectual property
  • Litigation strategies
  • Unpublished financials
  • Project bids

What are the risks to your business?

  • Business disruption
  • Financial loss
  • Data breach
  • Reputational risk
  • Penalties relating to paying sanctioned individuals or entities. OFAC (the US Office of Foreign Assets Control) has issued an advisory noting that companies and/or those working on their behalf may be penalized if they knowingly or unknowingly pay a ransom to a sanctioned cyber-criminal or group.

How can you defend your business against ransomware?

The threat landscape is evolving all the time, but there are steps that organizations can take to build their resilience against cyber-threats.

Remember that these are not one-off measures; always ensure you are keeping up with the latest threats and defensive tactics.

  • Design a recovery plan in the event of a breach.
  • Keep operating systems and third-party apps patched with the newest updates.
  • Ensure you back up data and information regularly and frequently.
  • Make sure back-ups are not connected to the Internet or any local network. Keep them offline.
  • Educate employees on the dangers to look out for. The most common way ransomware gets into organizations is through human exploitation, with someone downloading an infected file or clicking on a malicious link in an email, known as email phishing.
  • Do not click on links from unknown sources or that otherwise raise red flags.
  • Keep macros disabled by default, and make sure employees are aware that a prompt to enable macros can be a red flag.
  • A number of ransomware strains are sent as attachments and links. When a user opens the attachment, they are asked to enable macros to see the contents of the document. Once they enable macros, the actual ransomware payload will download and execute.
  • Restrict administrative privileges and ensure that people only have the access that allows them to carry out their job functions.
  • Run a simulated ransomware event and practice recovery procedures.

Data Breach Notification

If data has been breached, consider the following guidelines from regulatory agencies:
