Scamwatch: fake ransomware attacks

Companies duped by "bluff" ransomware demands.

Scamwatch: fake ransomware attacks

Stay one step ahead of the fraudsters with our series of articles giving you the lowdown on the scams they use to trick people out of their hard-earned cash - and how to avoid being taken in by them.

This week, we warn companies to be wary of "bluff" ransomware attacks involving fraudsters who claim to have encrypted data, but are actually just trying to use social engineering to force you to pay out.

How does it work?

Close to 40% of businesses with 250 or more employees have experienced a "bluff" ransomware attack, according to data from software company Citrix.

And of those affected, about six in 10 say they paid up on demand, with the average payment around £13,400.

In many cases, they did so after being threatened, for example with the fact that their files would be deleted if they tried to reboot.

However, while most firms contacted the police about the attacks, just 24% told their customers, partners and suppliers they had been duped by fraudsters. Citrix is therefore calling for greater communication to help prevent further attacks.

Chris Mayers at Citrix said: "This research leaves a worrying impression that organisations may be treating ransomware as a cost of doing business – just like shrinkage and fraud in some sectors.

"Yet this mentality may be resulting in British businesses paying out when it is not necessary, while simultaneously supporting cyber-criminal activity.

"Whether they pay the ransom or not, sharing information on the 'bluff' attack is key to ensuring that other organisations do not fall victim to the same scam."

How can I avoid being caught out?

Steps you can take to protect yourself against ransomware attacks include backing up your files on a system that is not directly connected to your computer or network and investing in online storage that will be able to retrieve uninfected files.

You should also ignore any suspicious emails and avoid clicking on any links in messages sent from people or organisations you do not know and trust.

I've been defrauded. What should I do?

If you receive a ransomware payment demand, you should report it immediately to Action Fraud on 0300 123 2040.

If it is a 'bluff' attack, you will then be able to reboot your computer or network.

If it is a real attack, however, the only way to remove ransomware from a computer or device is to strip it of all the files and software and reset it to what is called factory condition, before reinstalling any files you have backed up.

Either way, you should never pay the fraudsters behind the attack as this will only encourage more such problems.