Five things all tech startups should know about ransomware


Neil Bellamy, head of TMT at NatWest, discusses everything tech entrepreneurs need to know about ransomware.

Although technology businesses may think they are well protected against ransomware attacks, they are often targeted and can suffer significant losses.

Ransomware is now one of the key cyber threats facing organisations and can have a major impact on their bottom line through financial losses, disruption and reputational damage.

Attacks where dozens or even hundreds of computers are infected can leave businesses with enormous cumulative ransom demands.

Tech startups need to ensure they are protected and understand the risks and realities.

1. What it is

As its name suggests, ransomware involves withholding an asset until a ransom has been paid. When that asset is digital, however, the method is more complicated and involves encrypting a company’s data until funds have been received. It involves six steps:

• Distribution of ransomware program: this might be contained in an email attachment, a compromised website, or a USB drive.

• Infection: the program then arrives on a user’s computer and starts to work.

• Communication: the program talks to encryption-key servers to retrieve a public key needed to encrypt data.

• File search: the program then searches for the files to encrypt, for example .docx and .xlsx files.

• Encryption: the ransomware program moves and renames the targeted files, then encrypts them, locating them on the encryption server.

• Ransom demand: this is typically done by taking over the screen of the infected computer and demanding payment. At this point, the user decides whether to pay the ransom and hope it will deliver a key that can unlock the data.
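The "file search" and "encryption" steps above leave a visible trace that a defender can look for: many files renamed to an unfamiliar extension by one user in a few seconds, which ordinary work almost never produces. The script below is an added example, not code from the article or from NatWest. It assumes a constructed, tab-separated file-activity log (timestamp, user, action, path and, for renames, the new path); the log lines, the user names and the `.locked` extension are all made up for illustration.

```python
"""Flag ransomware-like bursts of file renames in a file-activity log.

Added example, not from the article. Assumes a constructed audit-log format:
    timestamp<TAB>user<TAB>action<TAB>path[<TAB>new_path]
"""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions staff normally work with; a rename that ends in one of these is
# treated as ordinary housekeeping and is never counted.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".csv", ".jpg", ".png"}

WINDOW = timedelta(seconds=60)  # how far back to look per user
THRESHOLD = 5                   # suspicious renames within WINDOW that raise an alert

# Constructed sample log. "alice" and "carol" do ordinary renames; "bob"'s
# machine renames six documents to ".locked" in three seconds and then drops a
# note, which is the pattern the six steps above describe.
SAMPLE_LOG = """\
2018-02-01T09:00:01\talice\tOPEN\t/share/finance/q4.xlsx
2018-02-01T09:00:05\talice\tRENAME\t/share/finance/draft.txt\t/share/finance/draft.docx
corrupted entry
2018-02-01T09:12:00\tbob\tRENAME\t/share/hr/contracts.docx\t/share/hr/contracts.docx.locked
2018-02-01T09:12:01\tbob\tRENAME\t/share/hr/payroll.xlsx\t/share/hr/payroll.xlsx.locked
2018-02-01T09:12:01\tbob\tRENAME\t/share/hr/policy.pdf\t/share/hr/policy.pdf.locked
2018-02-01T09:12:02\tbob\tRENAME\t/share/hr/board.pptx\t/share/hr/board.pptx.locked
2018-02-01T09:12:03\tbob\tRENAME\t/share/hr/notes.txt\t/share/hr/notes.txt.locked
2018-02-01T09:12:03\tbob\tRENAME\t/share/hr/team.jpg\t/share/hr/team.jpg.locked
2018-02-01T09:12:04\tbob\tWRITE\t/share/hr/HOW_TO_RECOVER.txt
2018-02-01T10:30:00\tcarol\tRENAME\t/share/eng/old.bin\t/share/eng/archive.bin
"""


def parse_event(line):
    """Return (timestamp, user, action, path, new_path) or None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 4:
        return None
    try:
        ts = datetime.fromisoformat(fields[0])
    except ValueError:
        return None
    new_path = fields[4] if len(fields) > 4 else None
    return ts, fields[1], fields[2], fields[3], new_path


def detect_rename_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert each time a user's rate of suspicious renames crosses the threshold.

    A rename is suspicious when its destination extension is not one staff normally
    use. Timestamps are kept per user in a sliding window so a slow trickle of odd
    renames over a day does not trip the detector, but a burst does.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent suspicious renames
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ts, user, action, path, new_path = event
        if action != "RENAME" or not new_path:
            continue
        ext = os.path.splitext(new_path)[1].lower()
        if ext in KNOWN_EXTENSIONS:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) == threshold:          # fires once, as the burst crosses the line
            alerts.append({
                "user": user,
                "time": ts.isoformat(),
                "count": len(q),
                "extension": ext,
                "example_path": path,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {alert['time']} user={alert['user']} renamed {alert['count']} files "
              f"to '{alert['extension']}' within {WINDOW.seconds}s (e.g. {alert['example_path']})")
```

On the sample log this raises a single alert for `bob` at 09:12:03, the moment the fifth rename to `.locked` lands, while `alice`'s rename to a known extension and `carol`'s lone `.bin` rename are ignored. In practice the thresholds would be tuned to the organisation's own file-server audit logs, and an alert of this kind is a prompt to isolate the machine and restore from backup, not a substitute for the precautions in section 5.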

2. Well established

While the above may sound as though it relies on the latest technology to implement, the concept is a little older.

In fact, the first known example of ransomware, called the AIDS Trojan, happened in 1989.

The first ransomware prototypes were developed soon afterwards, but it wasn’t until 2005 that the level of their deployment became serious.

3. Ransoms are demanded in digital currencies

Why 2005? The first serious piece of ransomware was GPCode, which exploited the anonymous nature of digital currencies to let the ransom holders get funds without being traced by the police.

GPCode demanded that its victims pay in e-gold and Liberty Reserve – both digital currencies – but it was the invention of bitcoin in 2009 that fuelled ransomware. Bitcoin has proven a popular method of exploitation due to its less traceable nature.

Last year’s prominent WannaCry ransomware attack, which struck several NHS hospitals, internet service provider Telefonica, and other high-profile targets around the world, saw victims receive a note demanding $300 in bitcoin as ransom.

4. Ransomware is on the rise

According to CSO Online, cyber attacks caused roughly $5bn (£3.6bn) in damages last year – up from an estimated $850m in 2016.

The issue regularly makes headline news, with the head of the UK’s National Cyber Security Centre warning this week that it was a matter of “when, not if” Britain would be hit by a major cyber attack capable of disrupting critical infrastructure or the democratic process.

5. You can protect yourself

While you might need expert help to implement a strategy that fully protects your company, you can take many precautionary steps in-house.

Establish passwords that only allow pre-approved staff to install software. Educate your staff not to open suspect files, attachments or malicious links on the web. Prevent your staff from visiting known malicious domains with a firewall, and use web-filtering software that prevents dodgy programs from entering your network.

The key is to practise basic cyber hygiene: make sure all software is up to date and your data is backed up.

For information on what to do in the aftermath of an attack, read: What to do if your business is a victim of fraud.