
Ransomware, beware!

Over the past couple of years there have been news articles relating to Ransomware, but it has not been as common as it is now. A recent resurgence in a new iteration (dubbed WannaCry) has led to many large companies being effectively shut down. Alongside the money-makers and big corporate targets, our own health sector (namely the NHS) was all but shut down on Friday 12th May 2017. An article detailing the initial event and subsequent spread can be found here (source: The Guardian).

It has always been important to ensure your security is up to date and your passwords are not basic, but companies really need to take a harder look at these in today’s age.

What is Ransomware?

In basic terms, Ransomware is a form of malware which, once loaded on to a machine, encrypts all of your files and shuts down essential services that run your computer. You are unable to open any of your files or even use software (e.g. web browsers) as every file is locked down. This malware can come from a variety of sources: email attachments, unsecured/fake webpages, etc.

In most cases the user is presented with a screen stating all the files are locked and will be deleted within a certain time if a ransom is not paid – hence Ransomware. Once paid, these people will send you a code to enter into the Ransomware screen to unlock everything.

Payment is made using the online cryptocurrency Bitcoin (current worth of 1 Bitcoin is approximately £1,300). Most demands range from 0.1-0.2 Bitcoins (roughly £250-400), but do you really think they will let you go if you pay? In most cases where the ransom has been handed over, the user does indeed receive the code and regain the use of their PC, but not even a day later (as the malware is still present on the machine) the same thing happens, only this time with an increase to the ransom amount.

What do I do if I get infected?

First: DO NOT PAY THEM ANYTHING.

Even a small payment counts as a success to these groups and the attacks will only continue. Not to mention the fact you will have to go through it again as the Ransomware is not deleted simply by paying.

Second: Contact the company/individual who is responsible for your computers and network. In most offices nowadays, the systems carry out an automated back-up of files which can be recovered. This may mean you lose a couple of days of work, but for the sake of getting rid of this malicious software (and more importantly not paying them) it is a small price to pay.

Thirdly: Ensure that every bit of security on your machine is up to date. Whether this is Windows' own built-in firewall/Defender or a third-party product, it is imperative to ensure they are updated with the latest malware information to protect you.

Lastly: Ensure your operating system is fully up to date. When new malware of this nature comes into existence, the creators of the operating systems release patches to close up any exploitable openings that it may be using.

How do I stop this happening in future?

By updating your antivirus, firewall and operating system you are closing up any exploitable gaps the malware can use, but the best defence is yourself:

  • Ensure you check any emails/attachments before opening them:
    • Is it an address you recognise? Most commonly the emails indicate an outstanding invoice and make a good effort to look like a probable supplier; you need to be vigilant and vet your emails carefully
    • Do not open any files with macro content: Macros are a set of commands that can be put into various documents that, when opened, will install the malware on your machine. Your email program will normally state if this is the case with the attachment, so just be sure to check thoroughly
    • If you’re unsure ask your IT support: They would rather you ask them the question than potentially take down the network
  • Ensure your password is far from standard:
    • A mixture of upper and lower case letters
    • At least one symbol (!, @, %, $, etc.)
    • At least one number
    • Try not to use things relevant to you, i.e. date of birth, friends/family names, etc. (who knows what information potential hackers may have on you)
  • Take care and don’t rush in: If you see something you do not recognise, or that simply feels wrong, ask.
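
For the macro advice above, IT support can check an attachment for macro content without opening it in Office. The following is an added example, not part of the original article; the function names and sample files are constructed for illustration. It relies on two facts: modern Office files are zip archives that store macros in a part named vbaProject.bin, and legacy .doc/.xls files start with a fixed OLE signature.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppsm"}

def macro_findings(filename, data):
    """Return a list of reasons to treat an attachment as macro-capable."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in MACRO_EXTS:
        findings.append("macro-enabled extension ." + ext)
    if data.startswith(OLE_MAGIC):
        # Binary Office 97-2003 files may embed macros; an OLE parser is needed to confirm.
        findings.append("legacy OLE container (may contain macros)")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [n.lower() for n in zf.namelist()]
        # In modern Office files the VBA project is a part named vbaProject.bin.
        if any(p.rsplit("/", 1)[-1] == "vbaproject.bin" for p in parts):
            findings.append("contains vbaProject.bin (VBA macros)")
    return findings

def build_sample(with_macro):
    """Constructed sample: a minimal zip laid out like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # all constructed in memory, nothing is read from disk
        "invoice.docx": build_sample(False),
        "invoice.docm": build_sample(True),
        "renamed.docx": build_sample(True),      # macro part behind a .docx name
        "old_invoice.doc": OLE_MAGIC + b"\x00" * 64,
    }
    for name, blob in samples.items():
        print(name, "->", macro_findings(name, blob) or "no macro indicators")
```

An empty result only means no macro indicators were found; it says nothing about other kinds of malicious attachment.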

Useful links and information