We’ve been asked about this more than anything else over the last few weeks and it is in the news again, with Sky News reporting a widespread attack on University College London.
Ransomware is malware that infects your computer and either locks you out of your system or prevents you from accessing your files. According to Microsoft, the number of enterprise victims being targeted by ransomware is increasing.
Probably the most common delivery method is as an attachment to an email. However, it can also be disguised as a software update or system alert, or secretly bundled with another piece of software. For example, you might be on a website and a popup will say that you need to update your Antivirus or Adobe PDF software. Unusually in the case of WannaCry, the ransomware was spread by code developed by the American NSA which exploited a (now-patched) Windows vulnerability.
Once the malware has done its work a ransom notification appears demanding payment in order to regain access – often low enough to make it ‘worth’ paying. Already, over 50% of UK companies have been hit by ransomware and almost 60% of them paid the ransom.
But why should you have to?
Fortunately, there are things you can do to reduce the likelihood of it happening to you.
1. Don’t install anything you aren’t 100% sure about – ask us if you’re in any doubt. In fact we recommend that most users do not have the privileges to install new software on their computer by default. That one step safeguards against most entry points. We can help you perform a review of users’ privileges, and implement any changes needed.
2. Keep your software up-to-date. That means acting on those annoying warnings from Microsoft, Apple, Adobe etc. that your system needs to be updated. If we are looking after your IT system, this is part of our job, and we’ll manage the updates and provide advice or warnings as necessary.
3. Don’t assume Antivirus software will protect you – although it will certainly help. Ransomware changes all the time and often relies on tricking the user. It’s impossible for any Antivirus company to stay ahead of the game. Forewarned is forearmed.
4. Use an advanced email security and protection system such as Mimecast Email Management or Microsoft Office 365 Advanced Threat Protection to help prevent future attacks. Whilst the most popular email systems, Microsoft Exchange, Office 365 and Gmail filter for malware and spam, they don’t currently inspect attachments and links in emails to check how they behave and where they lead. This is one reason why the most common route to introduce Ransomware is via email.
One last thought…
If you realise that you are the victim of a ransomware attack, your files or computer will have been encrypted. We probably can’t unencrypt them. But we can restore from backups if a proper system is in place – but it has to be correctly set-up. Storing a copy of your files on a USB stick or external drive isn’t a ‘proper’ backup system.
Please ask us if you are in any doubt about anything on your computer or elsewhere on your IT system – for the sake of a quick email or phone call you could save yourself a lot of hassle and expense.