With the recent ransomware attacks on a Queensland hospital and aged-care facilities, ransomware is once again in the spotlight.
So what is ransomware? And how can you prevent it?
What is ransomware?
Ransomware is a kind of malware which infects a victim’s device to encrypt their files. Once the files are encrypted, the attacker demands a ransom in return for a decryption key that will restore access to the files. This is usually done through a cryptocurrency.
How does ransomware work?
Ransomware can infect a computer in several ways, but the most common is by phishing spam. These usually involve attachments within spam emails. Once opened, the file activates and then performs encryption of the user’s files.
Other forms of ransomware exist and some are extremely dangerous, being able to infect a computer without having to trick a user into downloading or installing anything.
Once activated, the most common form of ransomware encrypts either a part, or all of the computer’s files. These are not able to be decrypted unless the encryption key is handed over by the attacker, usually in exchange for untraceable cryptocurrency such as Bitcoin.
How to prevent an attack
There are several ways to prevent a ransomware attack, as well as several methods to reduce the impact of such an attack on your device. Following these steps will actively increase the security of your devices, so we recommend following them at all times.
- Never open, download, or install suspicious files or software. If you cannot trust the source of the file or don’t know what it is – don’t install it. And definitely do not give it administrative privileges.
- Ensure that your device is up to date with current patches. Operating system updates often include security updates which counter new circulating malware, so updating can be a great preventative measure.
- Install antivirus software. Antivirus software will act as a second barrier, protecting your device. A good antivirus will detect malware such as ransomware before it can infect your device.
- Back up your files. This way, if you are a victim of a ransomware attack, all your files are still accessible to you, and the damage of the attack is lessened significantly.
What do you do if you’re the victim of ransomware?
The first thing to do when affected by ransomware is to ensure that it actually is ransomware, and not another kind of malware referred to as “scareware”. This is malware which may be easier to remove and far less dangerous, but is used to scare people into paying a ransom.
So what do you do when actually affected by ransomware?
Remove it
Depending on the sophistication of the malware, it may be possible to remove the malware. Usually this will be done by rebooting into safe mode, installing anti-malware software, and restoring the system to a state prior to the malware infection.
However, this will not remove the encryption on your files. And it will also prevent you from decrypting them if you receive the key from the attackers.
Pay the ransom
The first point to consider is that law enforcement agencies generally recommend not paying the ransom, as it is seen to incentivize the creation of more ransomware. While this may be the case, many people will still pay the ransom depending on the importance or value of the files at stake.
You have to weigh your options. Have a look at what files have been lost, and how important they were to you. There is always a chance that the attackers will not provide the decryption key after payment – in fact, there might not even be a decryption key.
If the files are extremely important to you, then you can decide on a case-by-case basis whether you want to pay the ransom. Perform a cost-benefit analysis and think critically before you send any money to anybody.