What is Ransomware and how to protect yourself

In light of the recent ransomware attack on the NHS which made headlines globally, many are left wondering what next for these cyber criminals?

What is Ransomware?

Ransomware is a malicious type of malware which encrypts data and restricts access to the computer and its data files unless payment is received within the given time frame.

In the last couple of years ransomware has drastically grown destroying and infecting businesses and individuals. These ransoms demand payment in Bitcoins, a type of online currency that cyber criminals like as it’s untraceable.

The name of the ransomware which hit the NHS was called ‘WannaCry’.

What is WannaCry? How does WannaCry get into a computer?

The contamination appears to be implemented via a computer worm – a malware computer program that replicates itself in order to spread to other computers.

As soon as WannaCry has embedded itself inside an organisation it finds vulnerable machines within the network and infects them as well.

Some specialists say the recent attack might have been constructed to take advantage of a weakness in systems, as many NHS trusts continue to use Windows XP which is out-dated unsupported software.

How does the computer become infected?

There are several different ways your computer can get infected by ransomware:

• Usually you’ll receive an email containing an attachment impersonating an official organisation with a notification or request about an order or delivery for example.
• If you visit a website which is infected ransomware can get in that way. Viruses are normally disguised as offers prompting you to update frequently used software like Flash Player which pops up on insecure websites.

As soon as you open up the attachment or click to download a file on a website, you jeopardise infecting your computer with ransomware.

It’s not visibly apparent at the time of infection as your files and data are encrypted in the background.

Once it’s finished encrypting the screen is obstructed with a notice demanding payment in substitution for your files to be decrypted. There is usually a countdown timer for payment to be received before the decryption key is destroyed and your files are deleted forever.

What to do? How to protect yourself?

Ransomware is incredibly tough to stop. The only protection is having a backup of your data but even that can become infected from ransomware if accessible from the infected computer.

• It’s highly advised to have more than one back up in place, physically on an external device as well as in the cloud
• Install paid antivirus software and run computer scans frequently
• Ensure your operating system and software is kept updated
• Be cautious of email attachments and pop-ups. Be extremely vigilant. Look carefully at the sender’s email address to see if it’s coming from a genuine address. Pay attention for typos and grammar mistakes in the email message. Remember organisations will never ask you for sensitive information.

What to do if you’ve been infected by ransomware?

Firstly disconnect your computer from the internet to avoid it from spreading to other machines.
If your data is precious and you don’t have a backup of the encrypted data files then you may be left with no other option but to pay the ransom. Even still, there is no 100% guarantee you will get your data back.

There are lots of different types of ransomware in circulation, here are some names of the most recent:

CryptoLocker
Locky
HydraCrypt
ZCrypt
Petya
HydraCrypt
Cerber
RAA ransomware
CryptoWall
PowerWare
CTB Locker
Jigsaw
KeRanger
LeChiffre
TeslaCrypt
TorrentLocker
WannaCry
Crysis
Zepto