What is Ransomware?
Ransomware is software that is created by cyber criminals and used to block access to your computer and / or computer files. With the block in place you are effectively held to ransom with no access to your data until you pay the ransom fee.
Initially it was pretty much just home users who were targeted but the audience now includes businesses of all sizes and even large enterprises. The key causes of infection are through emails or links on webpages to download software. The email messages can appear quite legitimate and usually contain a link to the ransomware or have it embedded as an attachment. Download links on what often appear to be legitimate websites are also a key source of infection.
What does it do?
Clicking on a link in an email, opening an attachment or unwittingly downloading it as part of another software download is all it takes for the ransomware to take hold and begin encrypting your data.
Particularly malicious ransomware variants such as Cryptolocker have been known to bring entire companies to a halt. If your workstation has been compromised and is on a corporate network, the ransomware can spread through the network, compromising computers, servers, file shares and even cloud storage areas if they are accessible at the time of attack. Removable devices such as USB hard drives and pen drives can all become infected too. In short you can see how easy it could spread if you don’t have sufficient blocks and precautions in place.
Tips to avoid being a victim of Ransomware and what to do if you get infected
There are a number of things you can do to safeguard your computer and data from ransomware. The first two of these safeguards are simple (but definitely not infallible.):
- If you have been sent an email and you are unsure whether it is legitimate or not, delete it. This sounds obvious but you would be surprised how many people click on links and attachments though curiosity.
- Websites offering free applications and downloads should be avoided unless you are sure they are legitimate.
- Make sure your data is backed up regularly. This is the most effective way of making sure you can recover your data in the event of a ransomware attack. Just make sure your backups are to locations that are not constantly mapped with a drive letter on your workstation. USB Devices such as pen drives should be disconnected when not in use.
- Make sure your workstation is protected using proprietary security software which will alert and block anything it sees as suspicious. New ransomware variants are being created regularly to try to bypass security software so make sure you run security update checks regularly.
- If you think you have clicked on something that you suspect is ransomware, disconnect your workstation from the network as quickly as you can. Disconnect any network cables from the infected machine / disable any WiFi connections you are connected to. This will minimize the potential spread of the ransomware. Similarly, if you have a pen drive or USB drive connected, disconnect it and have it checked for infection prior to further use
The guidance outlined above by no means constitutes a finite list but it should help in minimising the damage if you do get infected.
For further information, or if you would like a review of your current setup in terms of the risks ransomware could pose to your organisation, contact us using the form below.