Ransomware White Paper October 2018

This document provides an overview of the guidance from SWGfL.

Download the Report 

Download the Report 

Introduction

Ransomware attacks continue to cause issues for a range of organisations, including schools. This document provides an overview of the guidance from SWGfL.

What is Ransomware?

Ransomware is a form of malware that interferes with data on your device, or your device itself.

It enables criminals to encrypt or lock your data or your device from a remote location, and then informs you that they will not be unlocked unless you pay money (the “ransom”) for their release.

There are different types of ransomware which behave in slightly different ways, including:

  • Encrypting ransomware: the most common form of ransomware, encrypting ransomware (or 'crypto ransomware') prevents access to files or data, usually by encrypting them;
  • Non-encrypting ransomware: also called ‘screen lock’ (or ‘locker’) ransomware, non-encrypting ransomware prevents you from using your device, often by disabling the majority of features and enabling the user only to interact with the ransomware;
  • Leakware: also called ‘Doxware’, leakware attacks threaten to publish information stolen from your device; and
  • Mobile ransomware: specific ransomware strains have emerged that target mobile devices (since encrypted data could often be easily restored by the user through re-synchronisation of the mobile device), usually employing ‘locker’-type approaches or attempting to gain access to connected ‘cloud’ accounts.

Like other malware, ransomware targets any user, whether at home, work or school. There is also no guarantee that paying the ransom (or doing whatever else the ransomware tells you to do) will provide you with access to your device or files.