Mark James, UK security specialist at ESET, wasn't surprised at the latest variant of ransomware, describing it as a natural development driven by the need to keep up with developments in antivirus software.
“They make a lot of money from this so there is strong incentive for them to adapt,” he said. “There will be any number of variants available – they will constantly be updating themselves.” In particular, expect advances in how they are delivered and how they take instructions from the command-and-control server.
Unfortunately for those individuals and organisations infected by ransomware, there is nothing that can be done to decrypt the data, leaving you the option of paying the ransom or restoring from backup.
With the price of the ransom typically set to the equivalent of a few hundred pounds or dollars, the temptation to quickly fix the problem by paying it can be very strong, but James cautioned against this course of action.
Criminals usually insist on being paid in Bitcoins, which can lead you to riskier sites where you may pick up additional malware. Then there is the chance that in the time it takes you to get the decryption package, the criminals may have been shut down by law enforcement, leaving you out of pocket and with no way to get your files unlocked.
James says there's no substitute for backing up your files. For organisations, this means all your business-critical data, and for consumers it means all data that you would consider irreplaceable, including family photos.
And be vigilant for malware. Despite all the advances in cyber attack techniques, the most popular attack vector remains email, and with spear phishing becoming increasingly sophisticated, users need to stay alert at all times.
Daljitt Barn, Director, Cyber Security at PwC, said that falling victim to ransomware points to a failure to fix the basics. “It demonstrates that they don't have a good handle on their security posture,” he said. “For an SME, cyber insurance would probably pay for someone to do the forensics to find and eradicate the virus from their computers.”