Ransomware is a type of malware that encrypts files on your computer, preventing you from accessing them. A ransom is then demanded to unlock the files. Instructions for paying the ransom, normally payable in Bitcoin, are then provided. If the ransom is paid, the criminals may provide a key to decrypt the data. Ransoms vary from a few dollars to many thousands.
How does ransomware work?
The first step of an attack is gaining access to your computer, the most common vector being phishing spam. Phishing is spam masquerading as a trusted source to get the victim to divulge personal information that can then be exploited. Less common forms exploit security flaws in operating systems and applications, or arrive through websites configured with ransomware packages that are activated when the website is accessed.
Once the PC is infected, the ransomware begins encrypting the user’s files. These files are encrypted using a strong cypher that is nearly impossible to break and therefore requires a key to access. The user is then presented with a ransom note detailing instructions on paying the ransom.
Who is at risk?
Simply put, everyone, though public sector and large organisations (e.g. healthcare) with legacy hardware are particularly vulnerable to attacks.
Cloud storage is not immune to ransomware, and while the likes of OneDrive, Dropbox etc. now include the ability to restore earlier versions, doing so can be an excruciating task.
How to protect yourself?
- Keep your operating system patched and up-to-date.
- Do not install random software off the internet, cracks or pirated products.
- Install anti-virus. Most paid-for anti-virus now includes some form of anti-malware/ransomware prevention. These products are not perfect but will prevent you being hit by older versions.
- Backups. Backups. Backups.
All my files have been encrypted, what should I do?
Can you restore from backup? If so, then do that. Can you live without the data?
If it is a company’s data that has been lost, do you have backups? Can you survive without it? What will it cost to recreate the lost data? Finally, how much is the ransom, and can you afford to pay it and take the risk of NOT getting your data back? Between 65% and 70% of ransoms are honoured, so there is a risk that the criminals will not provide a decryption key.
Many strains of ransomware have had their decryption keys released to the public by security companies, researchers, or in some rare cases, the criminals themselves. So, if it is not critical data, hanging on to it until a key becomes available may also be an option for you.