Ransomware: the scale of the threat – and how not to pay

Chris Allen, consultant, lecturer and researcher in organised crime, has seen ransomware explode in this year of the pandemic… and has a sustainable answer to avoid payment


The hideous ‘new normal’ phrase that forced itself into our national consciousness during this year’s you-know-what crisis may have come from a public health context but it is equally applicable in the world of ransomware, where attacks on corporate systems have become a depressing reality of modern life.

In July, Blackbaud – a leading cloud software company contracted to manage the data of at least seven UK universities – was subject to a ransomware attack, leaving staff and students at York, Oxford Brookes, Loughborough, Leeds, London, Reading, University College Oxford and Exeter unable to access files until a ransom had been paid.

A statement from Blackbaud admitted that the cybercriminal had removed a copy of a subset of data from its system before being locked out, adding that the cybercriminal had not accessed any financial information. The statement continued: “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
