What is Ransomware?
Ransomware is a dangerous type of malware that works by locking up or encrypting your files so that you can no longer access them. It is often activated when an unsuspecting user clicks a dangerous link in an email or online. In other words, it usually relies on the end user taking an action that allows the malware / virus to penetrate your IT system.
A ransom, often in the form of cryptocurrency, is demanded to restore access to the files, or to prevent data and intellectual property from being leaked or sold online.
The malware prevents you from using either a single computer or your whole network, including servers and other network devices.
Steps you can take to prevent a malware / ransomware attack
- Keep devices up to date – ensure that computers, phones, tablets, servers etc. are regularly patched
- Use antivirus software – ensure a quality antivirus solution is in place
- Use ransomware protection – this is often in addition to antivirus measures
- Ensure backups are configured – regular backups should be in place for your critical data
- Ensure backups are tested – there is little point having backups if they are untested. At least once a year a full backup integrity test should be performed to make sure that the backups can actually be used if a significant event occurs
- Turn on Multifactor Authentication – most online software vendors encourage users to turn on 2FA / MFA – this is a vital step to prevent unauthorised access to your software and data
- Implement access controls – control who has access to devices within the organisation and also what they can do on those devices
- Use cloud services – cloud computing is considered far more secure than in house equipment because the cloud vendor takes responsibility for many things you would otherwise need to do yourself
- Provide staff with cyber security training
Further steps you can take at an end user level
- Don’t trust email from people you do not know – avoid clicking links
- Avoid downloading and installing software from non-reputable vendors
- Be especially careful with links to reset your password
What to do if you are hit with a ransom attack
Record all the information associated with the attack, including taking photos of any demands in case they delete themselves after you have seen them.
Immediately turn your infected computer OFF to prevent a virus from jumping to other machines in the network. Also disconnect all other devices from the internet.
Using a “clean” computer, start changing your passwords as a precaution.
Contact a professional IT company like The Computing Australia Group, who are experienced in handling issues of this nature. We can also advise you if you need to report this to authorities like the police or a government department.
Recovering from a ransomware attack
In the event that you are hit by a ransomware attack, it will demonstrate to you that your systems are not secure and we recommend the following steps be taken: