What is Ransomware?
Ransomware is malicious software that can be installed onto your computer either via an email or through a compromised website. Ransomware can take many forms, but the main reason to be careful is that once your machine has become infected, the software will deny you access to your files until you pay a ransom.
Not only does ransomware encrypt files on your local computer, it can also encrypt any files that you have access to via a mapped drive. This can leave your company in an awful situation in which access to your files is denied, which can bring your business to a halt.
Imagine having all of the files that you use on a daily basis encrypted and unusable. We have seen it happen.
Once your files are encrypted by the ransomware, you will be taken to a webpage explaining what you need to do in order to decrypt your files. It will also display a time limit; once this period has ended, the price to decrypt your files will be doubled or even trebled. Most ransoms can start anywhere between £500 and £1000.
If you decide to pay the ransom, you will have to use a form of e-currency such as Bitcoin. Once the hackers have your money they release decryption software that you can run to decrypt all of your files. However, as we have seen, this is not an easy way of resolving the issue, as purchasing Bitcoins to the value of the ransom is a long, drawn-out process.
How do I become infected with Ransomware?
In order for your machine to become infected with ransomware, a user would have to do one of the following:
Open an email
This is by far the most common way of becoming infected with a virus, and in this instance one that contains ransomware. A user will receive an email that contains an attachment. At first glance, this email can look genuine and at times may even come from the email address of somebody that you have had contact with in the past. If a user receives an email like this, with an attachment, a link to a download of a piece of software, or an alleged Dropbox link to a set of files, once they have clicked on the file or link their machine will become infected with the ransomware.
Download from Infected Website
This can happen when a user visits a website that has been compromised with the ransomware software. When browsing the compromised website you may be asked to download a specific piece of software, and by agreeing to this you are allowing your computer to become infected.
Free or “cracked” software
Another way to become infected with ransomware is to attempt to download a free piece of software. This software can come in a variety of forms, such as “cracked” versions of expensive software and/or games. By downloading and installing this software you give the hacker the ability to bypass all of your firewall and anti-virus software.
When you install software of this type, you are also installing a sleeper version of the ransomware which may not become activated for some weeks.
What if I become infected?
Once you have determined that you have become infected with the ransomware virus it is critical that you take immediate action.
1. Disconnect your computer from the network
Immediately disconnect your computer from the network. Either unplug the network cable or shut down your computer. Unplug any USB devices that you may have connected to your machine. Do not panic and start deleting files that you feel may be the virus.
2. Investigate what has been infected.
At this point you need to verify which files have become encrypted, and how far across your network this has spread.
You need to check files on the following:
Network Storage such as NAS drives
USB devices such as USB hard drives
Cloud based storage such as Dropbox, Google Drive, Microsoft OneDrive, ONcloud
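One way to carry out the check in step 2, as an added example that is not part of the original article: a Python script that walks a folder and lists files whose expected header is gone and whose contents look random. The extension table, the 7.5 bits-per-byte threshold, the 64 KB sample size and the function names are assumptions made for this example.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes expected for some common file types (assumed subset).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}
SAMPLE_BYTES = 65536       # read only the start of each file
ENTROPY_THRESHOLD = 7.5    # bits per byte; assumed cut-off, tune for your data


def shannon_entropy(data: bytes) -> float:
    """Return the entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True if the expected header is missing and the content looks random."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if expected is not None and head.startswith(expected):
        return False                     # header intact: file is still readable
    # Unknown or renamed extension, or a broken header: fall back to entropy.
    # Files of only a few hundred bytes cannot reach the threshold.
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root: str) -> list:
    """Walk root (local folder, NAS share, USB drive or synced cloud folder)."""
    suspects = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if looks_encrypted(path):
                    suspects.append(path)
            except OSError:
                continue                 # unreadable file: skip, keep scanning
    return sorted(suspects)
```

Call `scan_tree()` once for each location in the list above. Compressed formats that are not in the table, such as video or other archive types, will also be reported, so treat the output as a list of files to review rather than a verdict.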
3. Prepare how to recover your files
Now that you understand what has been infected with the ransomware you can make a decision about what you need to do. You essentially have 4 options, listed in order from what it is best to do down to your last resort.
a. Restore your files from a recent backup
b. Decrypt your files using a 3rd party decrypter (although there is a very slim chance of this working)
c. Do nothing and lose the data that has been encrypted
d. Pay the ransom
How to protect yourself from ransomware
Whether you have been infected with ransomware or not, protecting your computer and network from these types of attacks is an important part of your online security. Below are some of the options that we recommend you have in place at all times when using a computer.
Anti-Virus software
This is the default standard for using a computer in this day and age. Having anti-virus software protection is a must. It is vital for standalone computers as well as computers that are part of a larger network. Keeping your anti-virus software current and up-to-date is a high priority for remaining protected by this software. Whilst it will not be able to catch absolutely everything, it will certainly be a major benefit along the way.
Backup your files
Taking regular and successful backups is imperative to ensuring that your data is protected. If you become heavily infected with ransomware, the only real way to ensure that your data is safe is to restore it from a recent backup. You have to be aware that it may take an extended period of time to realise that your files have become encrypted, and if this happens you may find that you have to restore from a backup taken before the attack.
Keeping regular backups and an archive of available backups is of high importance for a variety of reasons, but in the case of ransomware it is really your only way out of the mess that ransomware will cause.
Email Spam filtering
Having your email scanned via external email spam/virus filtering software can help to reduce the number of virus emails that are delivered to your inbox. More of these messages will be caught by your filtering software, so that you do not have to see them and delete them before you open them.
Emails are often dealt with at a high speed, as you have many other tasks that you are doing at the same time, and when you see an email that appears to come from somebody you know, or from somebody that you have had contact with in the past it is easy to assume that the email is genuine. Only when you inspect the email message further do you realise that it is fake, and often this is then too late.
Email Spam Filtering can take this risk away.