Ransomware is an increasingly common method of attack, because it targets unwitting and unskilled consumers with ease. That said, in 2016, the NHS hit the headlines when many of its machines (old, often weakly secured!) were targeted with the WannaCry attack – so companies are by no means immune!
Ransomware is designed to infect your computer or network to harm you, usually for financial gain and predominantly by blocking access to your own data. It’s called ransomware because the most common objective is to demand money to restore your access. Payments are increasingly being demanded in hard-to-trace bitcoin or other crypto-currencies.
As with many virus attacks, the most common way for cyber criminals to install ransomware is to send you, or someone on your network, an email with an attachment. If they can trick you into opening the attachment, code will infect your computer or network, taking it over and locking you out. Tricking someone by email in this way is called ‘phishing’.
(There are plenty of forms of ransomware that can penetrate your network without even needing to dupe you into opening an attachment, so don’t take the rest of your security protections for granted!)
Once downloaded or opened, the malware will infect your network and set to work encrypting all your files. The only way to decrypt them will be with a coded key that the attacker will offer you, usually in return for payment. There are other versions of the scam that are more akin to blackmail than kidnap; in these versions, known as doxware or leakware, the attacker will threaten to publicise the data they have taken from your network that might be commercially sensitive or highly embarrassing.
Naturally, prevention is better than cure, and cyber security courses will teach you how to protect your network from such malware. Good anti-malware programs are constantly updated as new threats become known, so accept all updates the program offers you or your network administrators.
If you are already compromised, your options are limited. Even so, we don’t advise paying ransoms. Not only does paying render the scam a success (and attractive to replicate), but often the scammers will not return your data. Indeed, some ransomware encryption tools are more like scramblers. You’re better off rescuing what you can, and swallowing a hard lesson! As with all malware attacks:
- Reboot your operating system in ‘safe mode’
- Install an antivirus/anti-malware program
- Scan your system to identify the malware or ransomware program
- Remove it, delete it and empty your trash/recycling folder
- Restore your computer and/or network
This, however, will not recover infected data. Operating systems can be restored to the last back-up prior to infection, which is why it is essential to maintain a regime of daily back-ups. And as we have said in a previous post, storing that backed-up data in encrypted form on another server means that the damage caused by the breach is kept to a minimum.