The rise of ransomware - Are you safe? | Sandfield

Posted by Justin Knight - 04 August 2016

Ransomware has become so lucrative and widespread that cyber criminals have set up sophisticated businesses with dedicated call centres and sales and marketing functions.

"Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today." -

The operators have a professional-looking interface to take your money and even allow you to test unlocking some sample files to reassure you before you part with your money.

The locking and encryption of data has also improved and industry experts now suggest paying the ransom over trying alternative methods to get your files back.

Ransomware has recently been taken a step further: operators now resell their product to lower-level criminals as a service dubbed RaaS (Ransomware as a Service). These services are then marketed to other "bad guys" on the dark web.

Ransomware attack levels are increasing and showing no signs of going away. If you have been watching the IT news you may have noticed reports of both new Ransomware variants, such as Zepto, Teslacrypt and Locky, and more frequent Ransomware phishing attacks targeting customers of well-known companies.

What is Ransomware?

The most common Ransomware is a form of malware that encrypts the victim's files, preventing access to the data or system, and requests a ransom payment in return for the decryption key to recover the encrypted files.

Ransomware is on the rise

"93% of phishing emails are now ransomware" -

The earliest record of Ransomware was from 1989, but extortionate ransomware didn’t become prominent until 2005. Encrypting ransomware became more widely known in 2013 with the infamous Cryptolocker. Although the Cryptolocker operators were taken down in 2014, new variants were released and it continued to grow. “2015 also saw a doubling of the number of cryptolocker attacks [compared to 2014], with Kaspersky Lab detecting cryptolockers on more than 50 thousand corporate machines”. Ransomware attacks are continuing to rise, and Kaspersky Lab recently detected that in Q1, 2016 “the number of attacked users increased by 30 percent compared to Q4, 2015”.

As long as the business of Ransomware continues to be profitable this number is likely to keep rising. Ransomware continues to diversify, attacking mobile devices (iOS and Android) and the ever growing number of connected devices such as smart TVs. According to Symantec research, “hundreds of millions of internet-connected TVs are potentially vulnerable to click fraud, botnets, data theft, and even ransomware”. These devices may have greater risk of infection as they are less likely to have malware protection or to be behind a firewall.

Furthermore, some ransomware now also threatens to publish the victim’s files online unless they pay. Unfortunately, backups, the usual last line of defense, can’t protect your data from this threat. As a recent example, a blackmail trojan called Chimera threatened to publish photos and other personal information.

Business Risk

As well as disruption to business and loss of data, businesses risk damaging their reputation.

There can be significant disruption to business as, depending on the type of data affected, critical business functions may no longer be able to operate. The disruption can be lengthy while trying to determine the scale of the infection and the best options for recovering data. Factors to consider include:

  • what data was locked
  • if local backups were also locked
  • options and costs to pay the ransom
  • what data was successfully backed up
  • time elapsed between the last backup and the infection
  • estimated restore time, particularly if restoring from tape or a remote site

If your data is not backed up frequently, you risk losing critical company data permanently: not all Ransomware operators return your data even after the ransom is paid, or the cost may be prohibitive. Also, depending on when the data was encrypted, your most recent backups may be useless because they contain locked files, forcing data to be restored from an older point in time (assuming you have multiple restore points).

These security breaches can really hurt a company's reputation, particularly if they involve customers' private information. Customers lose trust and no longer feel their data is safe. Many customers may also have been affected by the disruption, further damaging your reputation.


As it is almost impossible to unlock your data without paying a substantial ransom, the best solution is prevention and preparation. This requires a multi-pronged approach:

    1. Perimeter Protection - ensure mail filters, web filters and managed firewalls are enabled and configured as per the vendor’s recommendation.
    2. AntiVirus - should be installed on all devices on the company network that users interact with and on all machines that hold company data. Keep definition files updated.
    3. Security Updates - must be kept up to date, not only for Windows but for all operating systems and applications.
    4. Education - staff education is critical as new attacks are always finding ways to bypass the above protection. A key message to get across is, think twice before you click:
      1. Only open attachments and links from sources you trust.
      2. Even if you know the source, question if the content looks suspicious.
      3. Double check the domain of a link and the extension of an attachment.
    5. Backups - frequent backups of all important data, with multiple restore points, ensure that even if you get infected your data is safe. Also, ensure that laptops are considered in your backup strategy as mobile users often have data that has not been saved to the cloud or company network and therefore not backed up.
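
One way to automate the "double check the domain of a link and the extension of an attachment" advice from step 4, as an added example that is not part of the original article. The function names, extension lists and sample hosts are assumptions made for illustration, and the host comparison is a simplification that does not consult the public suffix list.

```python
from urllib.parse import urlsplit

# Constructed policy lists for illustration; align them with your mail filter.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd", ".lnk"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def attachment_findings(filename):
    """Return reasons an attachment name deserves a second look."""
    # Every dot-separated part after the first is treated as an extension;
    # padding spaces used to push the real one out of view are stripped.
    exts = ["." + part.strip() for part in filename.strip().lower().split(".")[1:]]
    findings = []
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        findings.append("executable or script extension " + last)
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            findings.append("double extension: " + last + " hidden behind " + exts[-2])
    elif last in MACRO_EXTS:
        findings.append("macro-enabled Office document " + last)
    return findings


def link_findings(display_text, href):
    """Compare the host a link displays with the host it actually targets."""
    findings = []
    target = urlsplit(href)
    host = (target.hostname or "").lower()
    if target.username is not None:
        findings.append("text before @ is not the host; real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host " + host)
    shown = display_text.strip().lower()
    if " " in shown or "." not in shown:
        return findings  # link text is a phrase, nothing to compare
    shown_host = urlsplit(shown if "://" in shown else "//" + shown).hostname or ""
    # Simplification: accept the shown host or any subdomain of it.
    if shown_host and host != shown_host and not host.endswith("." + shown_host):
        findings.append("text shows " + shown_host + " but link goes to " + host)
    return findings
```

An empty list means nothing stood out on these checks, not that the message is safe; the other layers in the list above still apply.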

Ransomware is the top cyber security threat facing businesses today. As it continues to evolve and diversify we need to stay vigilant and ensure we are aware of the risks and the best ways to be prepared and protect our data.


Justin Knight leads the Infrastructure team and has been with Sandfield for 11 years. Justin enjoys designing robust solutions to host and deliver our customers' applications and watching the team learn and grow with the ever-changing IT landscape.

Outside of work Justin is usually busy working with his family on their little farm, planting trees, raising animals and enjoying the produce from their land. Playtime often involves kayaking or swimming at the local beaches and estuary or walking and mountain biking through the forests around Northland.


IT management you can trust

Sandfield provides a range of infrastructure support services. The expert team offers end-to-end support to efficiently maintain a range of server environments, ensuring systems adapt with the business as it grows. We understand the importance of these mission-critical systems; the reliability, availability, supportability and manageability of them has a major impact on the success of your business. The infrastructure team services include: Hosting - application delivery, disaster recovery, DBA services, security, and monitoring to name a few. Get in touch if you’d like to discuss a way of doing things to get your business ahead.

