Malware, Ransomware & Incident Response - Cobweb


Malware is malicious software, which – if able to run – can cause harm in many ways, including: 

  • causing a device to become locked or unusable 
  • stealing, deleting, or encrypting data 
  • taking control of your devices to attack other organisations 
  • obtaining credentials that allow access to your organisation’s systems or services that you use 
  • ‘mining’ cryptocurrency 
  • using services that may cost you money (e.g. premium rate phone calls). 

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.

Usually, you’re asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment.

The payment is invariably demanded in a cryptocurrency such as Bitcoin, in order to unlock your computer, or access your data. However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files. 

Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware. 

For these reasons, it’s essential that you always have a recent offline backup of your most important files and data. 

It is essential to plan for any incident. When creating your plan, consider the following points, which should help you clarify the level of security you require and the budget you will allocate:

  • How long will it take to restore the minimum required number of devices from images and re-configure for use?
  • How would you rebuild any virtual environments and physical servers?
  • What processes need to be followed to restore servers and files from your backup solution?
  • What processes need to be followed if onsite systems and cloud backup servers are unusable, and you need to rebuild from offline backups?
  • How would you continue to operate critical business services?
  • What impact would an incident have on your customers and their business?
  • What impact would an incident have on your company’s reputation?
  • What is the cost per hour/day/week of system downtime?

 *Contains public sector information licensed under the Open Government Licence v3.0.