What is Ransomware?
Ransomware is a particularly nasty malware or virus that encrypts user data on a computer rendering the data unreadable unless a payment (ransom) is made to decrypt. Data affected will include all major and important types – Documents, Excel spreadsheets, PDF files, image files, etc. This is very bad news indeed, very clever too.
How does it get on computers?
Predominantly by email attachments; or compromised websites via out-of-date browsers; or inappropriate internet surfing. Other routes of infection would be via out of date software applications; or infection from another infected computer via a network, USB disk/pen, mapped network drive, etc.
How to avoid Ransomware
The most common ways these nasties get through is by end users allowing them through by mistake. Educating end users is key.
- Be extremely careful opening emails. Check and verify senders, subject, etc. before opening emails. If in doubt, leave it out! If it’s too good to be true it’s not true! The internet is awash with phishing emails. A good Cloud email provider will filter most of these out – make sure you use this type of service.
- Have up to date anti malware and antivirus running on all your computers & Servers. Next generation AV protection is best.
- Keep passwords unique and complex. Change regularly.
- Keep Windows and applications up to date. Particularly Flash and Java.
- Ensure your IT have set up the necessary blocks on Server Operating Systems.
- Not exactly avoidance but a solution to an infection – have a ROBUST BACKUP and DISASTER RECOVERY (DR) solution: regularly, reliably and efficiently. If you have this to fall back on you will be very pleased following an infection.
How to deal with an infection
If you suspect a computer has been infected with this malware, turn it off immediately and contact your IT support. Do NOT turn it back on; Disconnect it from any network.
The ethics and morality of this aside: Pay. We have heard and understand that paying the ransom will result in the decryption of your data. The rogues that do this stuff ensure this is the case – it is how they make a living. A hard lesson, costly maybe; however, probably less costly than losing all your data. We appreciate some people will not pay on principle.
Prevention is best….. But….Should it happen to you….
Currently we do not know of a way to decrypt files once they have been encrypted in this manner. Encryption is designed this way which is why it is used by Governments, the Military, Windows, Macs, smartphones, tablets, etc. There have been organisations claiming to resolve the encryption but we have no hard evidence of this. From our perspective if a computer is infected, the data are encrypted and without the decryption key the affected data are rendered unusable.
If your computer or computer systems have robust and regular backups & a fully tested DR, a ransomware infection will be an inconvenience, not a huge cost. On site, off site, regular, full and tested.
Read more See https://fightransomware.com for more information and more detailed reading.