Time To Get Ransom Aware

04 May 2016

2016 has witnessed an explosion of cyber security breaches involving the use of Ransomware; which in some cases has resulted in organisations being left completely immobilised.

In February a large US-based hospital lost access to all computers systems and files, because of one successful phishing email. In the space of a week the hospital was forced into an  almost complete standstill with staff members reverting to traditional pen and paper.

As with most cyber security incidents, the hospital in question had not taken the adequate steps to prevent, prepare and respond to a cyber-attack. Having failed to identify that they were under attack in the early stages, their options to counter the attack were limited. As a result, the hospital was forced to pay the hacker(s) $17,000.

What is frighteningly clear in this example is that without access to information, organisations simply grind to a stop.  But this needn’t be the case. By investing in your ability as an organisation to identify and respond, as well as to prevent a cyber-attack, organisations can minimise the harm caused by Ransomware campaigns.

So what is Ransomware? Ransomware is a type of malware that restricts access to the computer systems, and more specifically, the information they hold by encrypting the data.  Typically, the infected organisation is left with a ransom note setting out the situation, the amount they need to pay and instructions for restoring access to the encrypted information.

Late last year, Joseph Bonavolonta, Assistant Special Agent in charge of Cyber and Counter Intelligence at the FBI made the following statement about Ransomware: “The Ransomware is that good... To be honest, we often advise people just to pay the ransom”. While your default position may be to pay the ransom in line with this advice, it’s worth bearing in mind that paying a ransom is not a guaranteed to result in the release of your data.  Instead, we would recommend that in the event of a Ransomware attack, organisations should start by establishing the facts because it may still be possible to return the business back to normal operation without caving in and funding cyber-crime. Steps include:

  • Being aware of your ransom deadlines. This aspect is very important because when it comes to Ransomware there are multiple thresholds. For example, once a threshold has been surpassed a new deadline may be imposed with a higher ransom.
  • Knowing what you’re infected with. By understanding what type of Ransomware you have been infected with you can gain an understanding as to how the particular malware operates.  Importantly, many forms of Ransomware contain weaknesses that can allow you to decrypt and restore your information. 
  • Checking your backups. Depending on your backup and disaster recovery strategy, it could be that you are able to restore your data with minimal impact to the organisation.  The key point here is to make sure that the backup data hasn’t been compromised and that the source of the outbreak has been dealt with.
  • Accepting loss. In many cases, depending on how quickly an organisation can respond and the type of information that has been encrypted, a genuine response strategy could be to accept the loss. Critical to this is ensuring that you understand what data has been impacted and its purpose.

When it comes to Ransomware, prevention is always better than cure.  While some infections of Ransomware originate through technical weaknesses, many are the result of human vulnerabilities. Training your staff on common cyber security and investing in creating a human firewall can prevent most forms of Ransomware.  Furthermore, in the event of a successful breach, a robust human defence will help ensure a strong and effective response.

Receive our monthly newsletter

About the Author


+44 (0)20 7034 9000
Our 24 hour number
+44 (0)20 7034 9000
Legal information

© 2021 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.