Ransomware Warnings and What to do
Ransomware is a type of malware (malicious software) that has gained notoriety in recent months due to high profile cases of companies being infected and forced to pay a ransom. In the first half of 2017, we have seen destructive ransomware variants infecting both Private & Public Sector.
What is it?
- Ransomware is a malicious software that aims to restrict or deny access to computers or files, and it demands a ransom payment to restore access.
- Ransomware has been around for years in different forms, all of which attempt to extort money from victims.
- Cybercriminals attempt to infect computers, network files shares, cloud storage locations, or any other location where sensitive data is located.
- Often victims are directly notified – either by a message window that blocks the entire computer screen or a text file left where your data was located, saying unless a ransom is paid, access will not be restored.
- The ransom varies between $100 and $500 and often must be paid in virtual cryptocurrencies such as Bitcoin.
- There are two types of ransomware:
- Locker Ransomware: locks out access to the computer by generating a pop-up message blocking access to the computer. The message will often contain content claiming to be from law authorities indicating that you have been found carrying out illegal activity and that a ‘fine’ must be paid in order to restore access to your computer.
- Crypto Ransomware: restricts access to files by encrypting them. This version is much more serious because often the encryption algorithms used cannot be broken.
How do I get infected?
- Clicking a malicious link in an email
- Opening a malicious attachment in an email
- Clicking an advertisement on the internet
- Plugging a USB stick or other removable media into your computer
- Downloading an untrusted application or software
How do I protect myself?
- When browsing:
- Don’t download any unapproved software, especially from free sources. There have been some ransomware variants that pose as software, even appearing in trusted application stores like Apple’s App Store.
- Do not click on advertisements. Ransomware is commonly delivered through malvertisments (malicious advertisements). Cybercriminals will compromise a website’s ad with programs that when clicked can cause ransomware to download onto your computer.
- For email:
- Check who the email is from. Is the email from someone you don’t normally communicate with? Is the email uncharacteristic for someone within your organization? Is the address from a domain you don’t recognize? If the email appears to be from a credible source, such as a bank or internet service provider, verify with the organization that the message is legitimate. If the email came from a personal contact, verify the email came from them.
- Check the content of the email. Does this email seem to come out of nowhere? Is it referencing some previous communications, meeting, or dialogue that you are not aware of? Is the email a reply or a forward that you were not involved in or expecting? Is there bad grammar or spelling?
- Do not click links or open attachments. Does the link or attachment not make sense based on the sender? Does the link or attachment claim to be exposing something embarrassing for you? Does the link or attachment claim to be protecting you from some negative consequence? If you hover over the link, does the website being displayed match the link? It is best practice to search for the link on your own in a browser rather than clicking on the link.
What to do if you are infected:
- Turn off your computer immediately. If you have a desktop that means unplugging. If you have a laptop that means holding the power button until it turns off.
- Contact you help desk or IT company. Notify them immediately that you may have fallen victim to ransomware.
If you’re unsure if an email is safe ask for a second opinion, better safe than sorry!