Ransomware, the Basics.


What is Ransomware?

Ransomware is a form of malicious software (malware) designed to target computers (across all formats, PCs, laptops, tablets, smartphones, network devices and even connected appliances, including cars) and extract a ransom payment from users of infected devices.

Although any computer operating system can be infected, most variants target, and are restricted to, devices running versions of Windows (as both of the recent high-profile examples were). This is mainly because the much larger number of devices running Windows makes them richer pickings than other systems. It is worth noting that malware on smartphones and mobile devices has increased significantly, with Android devices by far the most affected; we will have more advice on mobile devices in later articles.

Most ransomware is designed to prevent you from accessing your data, often by encrypting your files. It affects Word documents, spreadsheets, presentation slides, photos … pretty much everything you have on your computer, and is used either to demand money, asking affected users to make online payments, or simply to cause disruption (for example, to political ends).

It can use various and sometimes multiple methods to spread, including infected software updates (widely believed to be the initial source of the NotPetya virus), email links (the primary method used by WannaCry), internet downloads, websites you visit, and too many more to mention here.


What can I do to start protecting myself and my business?

Protecting IT systems from malicious attack is a complex task, but there are some basics we can all do to help to protect ourselves.

Back up your data, ideally automatically and regularly, and keep some of the previous copies so that you can restore a version from before the infection (viruses can remain dormant for some time before becoming operational). At least then you can recover in the event of a ransomware attack. Consider the interval between backups and base it on the amount of work you can risk losing if compromised, versus the overhead of making the backups.
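As an added illustration of the "keep some of the previous copies" advice (this is example code written for this post, not anything from the original article), the script below takes timestamped snapshots of a folder, keeps only the newest N of them, and restores the last snapshot taken before files were damaged. The folder names, the retention count and the simulated "encrypted" file are all constructed for the demonstration.

```python
"""Versioned backup with retention (added example; paths and data are constructed)."""
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# UTC timestamp used as the snapshot directory name; lexical order == time order
STAMP = "%Y%m%dT%H%M%SZ"


def take_snapshot(source: Path, backup_root: Path, when: datetime) -> Path:
    """Copy `source` into backup_root/<timestamp>. Every run creates a new
    directory, so an earlier (possibly still clean) copy is never overwritten."""
    dest = backup_root / when.strftime(STAMP)
    shutil.copytree(source, dest)
    return dest


def list_snapshots(backup_root: Path) -> list[Path]:
    """Return snapshot directories, oldest first; ignore anything else in the folder."""
    snaps = []
    for p in backup_root.iterdir():
        try:
            datetime.strptime(p.name, STAMP)
        except ValueError:
            continue  # not a snapshot we created
        if p.is_dir():
            snaps.append(p)
    return sorted(snaps, key=lambda p: p.name)


def prune_snapshots(backup_root: Path, keep: int) -> list[Path]:
    """Delete all but the newest `keep` snapshots; return the ones deleted."""
    snaps = list_snapshots(backup_root)
    stale = snaps[: max(len(snaps) - keep, 0)]
    for s in stale:
        shutil.rmtree(s)
    return stale


def restore_snapshot(snapshot: Path, target: Path) -> None:
    """Replace `target` with the contents of `snapshot`."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot, target)


def demo() -> dict:
    """Simulated run: two clean backups, a third taken after the file was
    damaged, then prune to two copies and restore the last clean version."""
    root = Path(tempfile.mkdtemp())
    work, backups = root / "documents", root / "backups"
    work.mkdir()
    backups.mkdir()
    day1 = datetime(2017, 6, 1, tzinfo=timezone.utc)

    (work / "report.docx").write_text("quarterly figures")
    take_snapshot(work, backups, day1)
    take_snapshot(work, backups, day1.replace(day=2))

    # Day 3: the file has been replaced with ciphertext before the backup ran
    (work / "report.docx").write_text("<<encrypted>>")
    take_snapshot(work, backups, day1.replace(day=3))

    deleted = prune_snapshots(backups, keep=2)
    remaining = list_snapshots(backups)

    # The newest snapshot is already damaged, so restore the one before it
    restore_snapshot(remaining[-2], work)
    return {
        "deleted": [p.name for p in deleted],
        "remaining": [p.name for p in remaining],
        "restored_text": (work / "report.docx").read_text(),
    }
```

The point of the demo is the trade-off the paragraph describes: with `keep=2` the day-2 copy survives and the clean file comes back, but had retention been set to one copy the only snapshot left would have been the encrypted one.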

Change passwords and user names from the “default” settings when you buy new computers or software, choosing passwords that are more complex and therefore more difficult to compromise.

Update software (e.g. Microsoft Word, Excel, PowerPoint) and operating systems (e.g. Microsoft Windows, Mac OSX) by installing recommended updates as soon as they are issued (see here to verify your computer’s update settings: Cyber Essentials Guide to getting updates). Individual applications also have update settings, which can be found by referring to the software’s documentation.

Run anti-virus. If you don’t use an anti-virus program, most PC operating systems come with a tool included, and although some of these are not considered the most effective, they provide better protection than none. Use the following links to see how to check the status of an included anti-virus program: Windows; Mac OSX (and check that system and security updates are included).

Restrict administration rights – Administrative rights are needed for certain tasks like installing software, or changing computer settings. Most of us don’t need them for our day to day work, so they should be restricted to people who actually need them to do their job. Those people should also only use a log-in with administrative rights for the element of their work that requires it (and log back in as a normal user when that task is complete).

Be wary of downloading or buying software from unknown sources, and especially of downloading applications and software from websites you are unsure of.

Check links (within emails, on websites, etc.) before clicking on them. You can usually see the address you will be taken to by hovering over a link, so make sure this is where you expect to go (here is an example that takes you to the Cyber Essentials website instead of FictionBank.com). This is a highly effective phishing method on Twitter because of the shortened URLs used in tweets.
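The "hover and compare" check above can be automated for a whole message. The script below is an added example (not code from the original article): it parses the links in an HTML email body and flags any link whose visible text looks like one address while the `href` actually points to another, plus any link that goes through a URL shortener so the real destination is hidden. The shortener list and the sample message are assumptions constructed for the demonstration.

```python
"""Flag links whose displayed address does not match their destination (added example)."""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed list of shortening services; extend to suit your environment.
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com", "goo.gl", "ow.ly"}

# Visible text that is a bare domain, e.g. "FictionBank.com" or "www.fictionbank.com/login"
BARE_DOMAIN = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}(/\S*)?")


def host_of(url: str) -> str:
    """Host part of a URL, lower-cased, with a leading 'www.' dropped."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def displayed_host(text: str) -> str | None:
    """If the visible link text itself looks like an address, return its host."""
    t = text.strip().lower()
    if t.startswith(("http://", "https://")):
        return host_of(t)
    if BARE_DOMAIN.fullmatch(t):
        return host_of("http://" + t)
    return None


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list[dict]:
    """Return one finding per suspicious link: text/destination mismatch, or a
    shortened URL whose destination cannot be seen by hovering."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest = host_of(href)
        shown = displayed_host(text)
        if shown is not None and shown != dest:
            findings.append({"text": text, "href": href,
                             "reason": "displayed address differs from destination"})
        elif dest in SHORTENERS:
            findings.append({"text": text, "href": href,
                             "reason": "shortened URL hides the real destination"})
    return findings


# Constructed sample body in the style of a phishing email (not a real message).
SAMPLE_HTML = """
<p>Your account is locked. Log in at
   <a href="https://login.example.net/signin">FictionBank.com</a> to unlock it.</p>
<p>Statements: <a href="https://www.fictionbank.com/statements">www.fictionbank.com</a></p>
<p>Read more <a href="https://t.co/abc123">here</a>.</p>
<p><a href="https://fictionbank.com/help">Help centre</a></p>
"""


def demo() -> list[dict]:
    """Run the check over the constructed sample and return the findings."""
    return check_links(SAMPLE_HTML)
```

Only the first and third links are reported: the second displays `www.fictionbank.com` and really goes there, and the fourth uses ordinary words as its text, so there is no displayed address to compare. A link text that is not an address is not by itself suspicious; the hover check still applies to it.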

Switch it off or uninstall it if you don’t need it. Computers, devices or applications still running that are no longer used can provide additional opportunities for malware to enter systems.

These ideas are usually simple, low-cost and easy to adopt, but they should be just the first steps in addressing your wider approach to security. More will follow in future articles, but in the meantime consider additional steps such as those outlined by the UK Government Cyber Essentials scheme and in this Guide.


What can I do if I already have a problem?

If you have access to technical support, contact them straight away. They may be able to identify the strain of malware and take more targeted steps to halt it on your machine and protect other machines from becoming infected.

If you don’t have access to technical support, isolate devices by unplugging network cables and switching off Wi-Fi (CAUTION: consider the potential wider impact before isolating devices). The most effective way is to switch off routers, switches and wireless access points. The chances are this won’t help you, but it might help prevent the malware spreading to your colleagues. If you’re not sure which is your network cable, unplug everything and switch off your computer.

You will need to rebuild your computer (whilst still isolated). This means reinstalling your operating system from scratch, and restoring your files and data from back-up.

If your malware-encrypted data is so critical to your business that you would consider paying the ransom, be aware that you may not succeed. You are dealing with criminals, so there is no guarantee they will do what they say. Additionally, the IT industry, law enforcement and governments try to shut down the communication mechanisms associated with such attacks as soon as they are detected.

Once you have your systems back up and running, you may still be vulnerable – follow the guidance above on how to start protecting yourself and your business, but remember these should be the first steps towards a more comprehensive security programme.