Incidents of cybercrime have been steadily rising over the last number of years in Ireland. In recent months there have been reports of a particular type of software being used which encrypts a computer and demands payment for the encryption key. This type of software has appropriately been named “ransomware”. In 2015 a European wide survey conducted by Eurobarometer found that 7% of Irish computer users have fallen victim to cyber criminals using ransomware. Updated figures for 2016 have not yet been published but in recent months companies providing I.T. Support have been stepping up their efforts to educate their customers on how to prevent ransomware attacks.
Irish Legislation surrounding this area has attempted to stem some of the issues which cybercrime has created. The Criminal Justice Act, 2011 at Section 3 mentions “relevant offences” which refer to offences set out at schedule 2 of the Act. These offences are quite broad in scope. One such “relevant offence” which may potentially be a valuable mechanism in keeping up to date with cyber criminals is Section 9(1) of the Theft and Fraud Offences Act, 2001 which makes the “dishonest use of a computer” an offence. It may be that the use of ransomware is caught within this offence, but until a case comes before the court this area remains uncertain.
There is the potential for clarity through the new Criminal Justice (Offences Relating to Information Systems) Bill 2016. This new piece of legislation will have the effect of harmonising member states criminal law relating to cybercrime as set out in the Cybercrime Directive 2013/40. This new piece of legislation will define offences relating to hacking, malicious software, interfering and/or intercepting data without lawful authority and the use of a code or password for one of the aforementioned offences.
It appears that under this new legislation ransomware which is a type of malware will be categorised as an offence. Until such time as the Cybercrime Directive is transposed the law governing ransomware remains uncertain. One can only hope that effective legislation comes into force and in the meantime precautions should be taken to protect computer users from falling victim to ransomware.
How to help prevent a Ransomware Attack
There are a number of ways that a computer user may be able to defeat or minimise the harm caused by ransomware;
- Always backup your data regularly.
- Keep your operating system and software up to date
- Use a reputable anti-virus/anti malware application
If you believe that you have opened a file that contains ransomware – immediately disconnect your computer from the network as you may be able to prevent the download of ransomware that may lock your computer.
Please note that the above tips are used for guidance purposes only. Professional Information Technology Support should be sought in order to effectively prevent against the effect of ransomware. Anyone who has fallen victim to ransomware or believes they are at risk should contact an Information Technology Support Specialist and contact the Gardai as appropriate.