BH Consulting Joins the Fight Against Ramsomware

Information security specialist BH Consulting has been accepted onto the No More Ransom initiative, a collaboration between law enforcement and industry to fight one of the fastest-growing cybercrime threats of the past year.

No More Ransom was launched in July 2016 by the Dutch National Police, Europol, Intel Security and Kaspersky Lab. BH Consulting is one of 20 new partners from across the public and private sectors which has joined the fight against a high-profile risk to many businesses.

BH Consulting will work with other partners in the anti-ransomware initiative to increase awareness of the risks posed by ransomware, how to manage those risks, and how best to deal with ransomware should a company fall victim to it. BH Consulting’s technical experts will also cooperate with other organisations to identify ways to detect, prevent, and recover from ransomware.

“Ransomware is rampant – we’re seeing more and more companies and individuals falling victim to it,” said Brian Honan, founder and CEO of BH Consulting. “No More Ransom is a great example of why reporting cybercrime is important. Law enforcement have reacted to this problem and worked with private industry to gather information from agencies around the world so victims have a resource to look at in the event they get hit by ransomware.”

According to Intel Security, ransomware incidents grew by 169% in 2015. Figures from the FBI show that criminals extorted $209 million from victims in the first three months of 2016. Ransomware is usually installed through a social engineering attack and then infects a victim’s computer by blocking access to their files unless they pay to have them released.

Some strains of ransomware raise the stakes further by threatening to destroy files permanently for every hour the ransom isn’t paid, increasing the pressure on victims to give in. Some targets have been forced to pay thousands of euro to try and retrieve their data.

The No More Ransom website (www.nomoreransom.org) provides information in several languages about how ransomware works and how to protect against it. It also hosts free tools to help victims decrypt their blocked devices, which more than 5,000 people have already used successfully.

Although these free tools block some forms of ransomware such as TeslaCrypt, Chimera, CoinVault, Rakhni and Wildfire, many other variants are emerging all the time. “Awareness of the problem is one of the most effective ways to stopping a ransomware infection,” added Honan. “There are several techniques an organisation can use to avoid this from happening. For example, ransomware uses peer-to-peer network traffic to communicate to the criminals, so businesses should block that traffic at their firewall. Backing up data systematically can also help to recover from ransomware. We also advise that organisations need to test those backups regularly,” he said.

“We recommend that victims don’t pay the ransom. It doesn’t guarantee that they will get their data back in 100% of cases, and payment only encourages criminals. We have also seen that once victims pay to have their data decrypted, they’re often targeted repeatedly because criminals see them as a soft touch,” Honan said.