Ransomware and How To Protect Yourself
I am sure you will all have seen the recent global WannaCry ransomware outbreak on the
news, and I am sure you have all been left with questions about how this happened and
concerns about your own computer's security.
The good news is that so far this attack has only affected medium-large organisations, due
to the method the attackers have used to load the virus onto computers. However, the Windows
systems the ransomware has been affecting are identical to the Windows systems people run at
home, and as such your computer may be open to the same exploitation as those in this attack.
So what is ransomware? Let's start with the basics. Ransomware is just a label for a
group of malicious software (or malware) programs that lock your computer in some way and demand
a ransom to unlock it. These packages are often delivered through malicious emails, either as
infected attachments or by way of an internet link that downloads the file to your computer.
Ransomware typically operates in one of three ways:
1. Rogue Anti-Virus Software - The most basic level often presents as a form of anti-virus
software informing you that you have a number of viruses on your system and inviting you to
buy the software to remove them. Despite the look, these are usually simple infections and
a regular scan of your system with an anti-malware package such as Malwarebytes or similar
should rid you of the pest.
2. Locky type - This form of malware often displays a full-screen window shortly after
booting up that informs you your computer has been locked and demands a ransom to unlock
it. The software also hides icons and files on your desktop and in your documents folders to
give the impression that your files have been deleted.
It can be difficult to know whether this software has encrypted your files, but a fairly
easy way to tell is to boot your computer in safe mode without networking, log in as the
default administrator account and see if your files are still there and accessible.
If they are, good news: your files have not been deleted or encrypted, and the virus can
usually be easily deleted by remaining in safe mode and completing a virus scan using a
dedicated anti-malware package such as Malwarebytes.
3. CryptoWare - By far the worst of all types of ransomware, this evil software will
infect your computer entirely, encrypt all files and display a full-screen warning informing
you that your files have been locked and demanding a ransom by a specific date before the cost
either increases or your files are deleted.
The software also often has the ability to replicate itself and infect other computers on
the same network. If you have been infected by CryptoWare then your only hope is that you have
a backup of all your important data, as the only way to ensure a completely clean system is to
wipe the computer and re-install Windows.
As you can imagine, seeing any of these on your computer can create a great deal of alarm
and distress, and you may be tempted in a blind panic to just pay the ransom and get your files
back. Our advice would be to avoid payment at all costs, as there is no guarantee the attackers
will return your data and you could just be wasting money and fuelling the fire.
If you have been infected with any of the above, the first thing you need to do is stop and
physically disconnect the device from your network, either by unplugging the network cable or
by disabling your WiFi. Next you need to establish what level of infection you have. If it
looks like anti-virus software that you don't recognise and it is saying you have a virus
infection, the simple thing to do is complete a scan with Malwarebytes or similar and then reboot
your computer. This should fix your problem and all your files should be safe.
If you have a full-screen warning informing you your files have been locked then the
solution is a little more complex. First you need to boot the computer in safe mode without
networking and, as said above, establish by logging into the administrator account whether you
can access any of your files. If you can, the solution is to perform a scan with Malwarebytes or
an equivalent package to remove the infection and then reboot your computer. If you cannot
access your files because they have either been deleted or encrypted, then your only option
to ensure a completely clean system is to wipe your device completely and reinstall your system
either from a backup or from scratch.
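As an added example (not part of the original article), the Python sketch below automates the
"are my files still there and accessible" check described above: it walks a folder read-only and
compares the first bytes of each file with the well-known signature for its extension. The
extension list, function names and sample files are assumptions constructed for illustration;
a mismatch suggests a file is no longer in its original format and is not proof of encryption.

```python
import os
import tempfile

# Well-known leading bytes ("magic numbers") for a few common file types.
SIGNATURES = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
SIGNATURES.update(dict.fromkeys((".jpg", ".jpeg"), b"\xff\xd8\xff"))
SIGNATURES.update(dict.fromkeys((".zip", ".docx", ".xlsx", ".pptx"), b"PK\x03\x04"))

def classify(path):
    """Return 'ok', 'mismatch', 'unreadable' or 'unknown' for one file."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return "unknown"          # extension not in our (assumed) list
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(expected))
    except OSError:
        return "unreadable"       # file exists but cannot be opened
    return "ok" if head == expected else "mismatch"

def triage(folder):
    """Walk folder without modifying it; count verdicts and list suspects."""
    counts = {"ok": 0, "mismatch": 0, "unreadable": 0, "unknown": 0}
    suspects = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            verdict = classify(path)
            counts[verdict] += 1
            if verdict in ("mismatch", "unreadable"):
                suspects.append(path)
    return counts, suspects

def build_sample(folder):
    """Constructed sample data: two intact files and one scrambled one."""
    samples = {
        "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "invoice.pdf": b"%PDF-1.4\n",
        "letter.docx": b"\x9c\x11\xe7\x42\x5a\x03\xd8\x77",  # no ZIP header
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

If most files with known extensions come back as "mismatch", treat the files as encrypted and
follow the wipe-and-restore route above; if they come back "ok", the scan-and-remove route applies.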
This can often be a very daunting and confusing process to carry out if you are not familiar
with it, and I would recommend that if you get stuck or become unsure at any point
you consult an IT professional for advice.