What is ransomware?
Ransomware is malware used by cybercriminals to encrypt organisations’ systems in order to demand a large sum of money in exchange for unlocking them. These days, cybercriminals also threaten to publish the stolen data, which is how, for example, Odido’s customer data ended up in the public domain.
How it works
Our Executive Director, Rob Mellegers, has previously negotiated with hackers who use ransomware and are after a ransom. ‘It often starts with a phone call from a company. They realise they can no longer use certain programs. It has even happened that a letter rolls out of the printer stating that they have been hacked.’ After that phone call, the ball starts rolling. ‘Communication with the hackers often goes very smoothly. You’re sent a link that takes you to a secure portal where you can communicate with them.’ Then it’s a matter of finding out what the hackers want in order to deactivate the ransomware, and whether the hacked company can meet the conditions set by the hackers. ‘The hackers know exactly what they can and cannot ask of you, because they’ve long since figured out what your turnover is. Sometimes you can still negotiate, but sometimes you can’t.’
After negotiations, the hackers often apply pressure to ensure payment is made on time. Companies are increasingly complying with this: on the one hand because security measures are constantly improving and hackers are able to steal less and less data, and on the other hand because the sums demanded are getting lower and lower. In the case of the Odido hack, it turned out that the hacker group was known for publishing the hacked data after payment had been made. That was why Odido did not pay the ransom, and a huge amount of customer data was leaked after all. Rob’s opinion? ‘The public often has an opinion on whether or not to pay the ransom, but ultimately, the organisation’s management is the only body that can determine the organisation’s risk appetite. That is why they are also the only ones capable of deciding whether payment should be made or whether measures should be taken in another way.’
OSINT
Rob also sees a trend regarding the use of ransomware. ‘It is being used more and more frequently and, unfortunately, you can never completely avoid it, but you can better protect yourself by, for example, having regular penetration tests carried out, commissioning a so-called OSINT (Open Source Intelligence) investigation, or ensuring an adequate automatic backup of your data in accordance with the 3-2-1 principle.’