What is Ransomware
In May 2017, the WannaCry ransomware attack made the world sit up and take notice. Whatever the other facts of the case are, the ransomware ironically exploited a vulnerability in the Windows OS for which patches were already available. What is ransomware and how can you protect yourself from it? What should you do when faced with a ransomware attack? Here are some tips from our cybersecurity specialists.
What is Ransomware?
It is a type of malware that encrypts your device files on infection and demands a ransom to decrypt them. Some ransomware lock your screen – you are essentially locked out of your system. You get a message on your screen with the ransom amount to be paid, mostly in cryptocurrency. The attacks can be on anyone, from a large no of individual users to entire networks, though it’s only the attack on bigger organisations that make the headlines.
Ransomware worms mainly infect your computer the same way as most malware infections – through malicious links or attachments in spam or social engineering emails, through malicious sites or recently through drive-by-downloads.
The ‘warning’ messages look like real warnings from legitimate agencies like law enforcement. The message may say that your computer is suspected of illegal activity and hence locked, and a specified sum be paid to the law agency to unlock it. This usually happens with attacks on individual systems. The attacks on larger networks are more sophisticated; the worms infect as many systems and files as possible without your knowledge before the actual attack. The warnings are open demands for ransom payments in return for decryption keys for your data, failing which your data is threatened to be deleted permanently.
How can you protect your organisation from a ransomware attack?
- The first step to protect yourself from ransomware attacks is to employ a good cybersecurity system. A good antivirus and antimalware software can help with individual systems. But if you have multiple devices connected to your network, go for professional cybersecurity services. Cybersecurity experts like Computing Australia provide a comprehensive cover – from vulnerability assessment to emergency response.
- Ensure that all security and OS patches are updated. Ransomware authors exploit known vulnerabilities to gain access to your system or network. Even after Microsoft released patches to fix the vulnerabilities that the WannaCry ransomware used, many organisations failed to update their systems. This caused subsequent attacks by variants of the ransomware that exploited the same vulnerabilities.
- Employee training is a must, as they are the frontline accessing the internet in most organisations. The general ways in identifying malware scams like phishing emails can go a long way in protecting from ransomware attacks.
- Most importantly, as much as it may seem tedious or unnecessary, create backups of your data regularly. You can use any method like external drives or USBs, though we recommend cloud storage as the best backup solution.
What should you do when faced with a ransomware attack?
While there are people who advocate ransom payment to get your system up quickly, we will never recommend it. For one, payment just goes to show that such malicious attacks work and encourages cybercriminals. Second, you are sending a signal that you are willing to pay – you will end up being attacked multiple times. Third, you are dealing with criminals; you can never be sure that your system will be unlocked or files decrypted once you pay the demanded sum. In fact, decryption may not be even possible many times.
So what should you do?
First, don’t panic. Panic leads to wrong decisions and can cause more harm than good. Contact your cybersecurity provider immediately. Dealing with ransomware attacks needs skill and fast response. A reputed provider will have emergency response systems in place. If you don’t have professional support or can’t get through to yours, the following steps can minimise damage, till you get an expert to support.
- Disconnect the infected system from the network to avoid the worm from spreading.
- Download a ransomware remediation security product and run a scan. This will clean up your system, though you may not get your files back.
- Restore your data from the backup.
- If you recognise a malware infection in action, shut down and disconnect the system from the network immediately. With the connection to the server lost, the malware will site idle once you reboot the system. Install a security software and clean up your system.
Vulnerabilities – A weakness, flaw or error in software, hardware or network that can be exploited to gain unauthorised access to the system.
Drive-by-download– Downloading of malicious code without any prompts or interaction by the user. The malicious code takes advantage of OS or browsers that have not been updated.
Cryptocurrency– In simple terms, it is digital money. It is an online digital currency that is not controlled by a government.