HomeInsightsInformation Commissioner’s Office republishes blog on ransomware and how to prevent attacks


+44 (0)20 7612 9612

Following the recent ransomware attack on the NHS, the ICO has republished its blog on ransomware that was first published in December 2016.

The blog explains that modern ransomware attacks work by infecting a host computer and encrypting files that they can locate on the hard drive.  Some variants also scan the local network for files in other locations that they will then encrypt.

The attacker will then issue a ransom demand, typically for a few hundred pounds, to be paid in the digital currency Bitcoin.  The sum must be paid in order to gain access to the decryption key and therefore regain access to the information stored in the files, although there is no guarantee that the attacker will release the key.

The most well-known type of ransomware attack enters an organisation’s network as an attachment to an email.  If the attachment is opened, it will then take advantage of any vulnerability in the operating system or other installed software (such as a word processor) and start the encryption process.

However, the blog continues, there are other methods by which ransomware “payloads” can be delivered into systems, such as via remote access and remote control applications.  If the use of a remote control application is necessary, then strong credentials should be used, two-factor authentication should be employed where possible, and the application itself should be kept up-to-date.

The blog also explains how a ransomware impacts on data protection, how to prevent an attack in the first place and how to ensure a full recovery.  To access the blog, click here.