I am sure you will all have seen the recent global WannaCry Ransomware outbreak on the news and I am sure you have all been left with questions surrounding how this happened and as such have concerns about your own computer’s security.
The good news is so far this attack has only affected medium-large organisations due to the method the attackers have used to load the virus onto computers, but the Windows systems the ransomware has been affecting are identical to the Windows systems people run at home and as such your computer may be open to the same exploitation as those in this attack.
So what is Ransomware? Let’s start with the basics. Ransomware is just a label for a group of malicious software (or malware) programs that lock your computer in some way and demand a ransom to unlock it. These packages are often attached to malicious emails, either as infected files or by way of an internet link that downloads the file to your computer.
Ransomware typically operates in one of three ways:
3. Rogue Anti-Virus Software – The most basic level often presents as a form of anti-virus software informing you that you have a number of viruses on your system and inviting you to buy the software to remove them. Despite the look, these are usually simple infections and a regular scan of your system with an anti-malware package such as Malwarebytes or similar should rid you of the pest.
2. Locky type – This form of malware often displays a full screen window shortly after booting up that informs you your computer has been locked and demands a ransom to unlock it. The software also hides icons and files on your desktop and documents folders to give the impression it has deleted your files. It can be difficult to know whether this software has encrypted your files, but a fairly easy way to tell is to boot your computer in safe-mode without networking, log in as the default administrator account and see if your files are still there and accessible. If they are, good news: your files have not been deleted or encrypted, and the virus can usually be easily deleted by remaining in safe mode and completing a virus scan using a dedicated anti-malware package such as Malwarebytes.
1. CryptoWare – By far the worst of all types of ransomware, this evil software will infect your computer entirely and will encrypt all files, display a full screen warning informing you that your files have been locked and demand a ransom by a specific date before the cost either increases or your files are deleted. The software also often has the ability to replicate itself and infect other computers on the same network. If you have been infected by CryptoWare then your only hope is that you have a backup of all your important data, as the only way to ensure a completely clean system is to wipe the computer and re-install Windows.
As you can imagine seeing any of these on your computer can create a great deal of alarm and distress and you may be tempted in a blind panic to just pay the ransom and get your files back. Our advice would be to avoid payment at all costs as there is no guarantee the attackers will return your data and you could just be wasting money and fuelling the fire.
If you have been infected with any of the above, the first thing you need to do is stop and physically disconnect the device from your network, either by unplugging the network cable or by disabling your WiFi. Next you need to establish what level of infection you have. If it looks like an anti-virus software that you don’t recognise and it is saying you have a virus infection, the simple thing to do is complete a scan with Malwarebytes or similar and then reboot your computer. This should fix your problem and all your files should be safe.
If you have a full screen warning informing you your files have been locked then the solution is a little more complex. First you need to boot the computer in safe-mode without networking and, as said above, establish by logging into the administrator account if you can access any of your files. If you can, the solution is to perform a scan with Malwarebytes or an equivalent package to remove the infection and then reboot your computer. If you cannot access your files because they have either been deleted or encrypted, then your only option to ensure a completely clean system is to wipe your device completely and reinstall your system either from a backup or from scratch.
Often this can be a very daunting and confusing process to carry out if you are not familiar with the process and I would recommend that if you get stuck or become unsure at any point then you consult an IT professional for advice.
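A rough way to carry out the "can I still access my files" check described above is to test whether each document still begins with the signature its file type requires. This is an added example, not part of the original article; the files written by `build_sample` are constructed test data and the 7.0 bits-per-byte threshold is an assumed cut-off.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Well-known leading bytes ("magic numbers") for common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def classify(path: Path, sample: int = 4096) -> str:
    """Compare a file's first bytes with the signature its extension implies."""
    expected = MAGIC.get(path.suffix.lower())
    if expected is None:
        return "unknown-type"  # includes files renamed to an unfamiliar extension
    try:
        with path.open("rb") as fh:
            head = fh.read(sample)
    except OSError:
        return "unreadable"
    if head.startswith(expected):
        return "ok"
    # Wrong header: near-random content points to encryption (assumed 7.0
    # cut-off); anything else points to truncation or other damage.
    return "likely-encrypted" if entropy(head) > 7.0 else "damaged"

def triage(folder) -> dict:
    """Map each file name under folder to its classification."""
    return {p.name: classify(p) for p in sorted(Path(folder).rglob("*")) if p.is_file()}

def build_sample(folder) -> None:
    """Constructed sample files; SHA-256 output stands in for encrypted content."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    Path(folder, "report.pdf").write_bytes(b"%PDF-1.4\n" + b"plain text " * 100)
    Path(folder, "photo.jpg").write_bytes(noise)
    Path(folder, "notes.docx").write_bytes(b"")
    Path(folder, "todo.txt").write_bytes(b"buy milk\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, verdict in triage(tmp).items():
            print(f"{name:12} {verdict}")
```

A folder where most known file types come back as `likely-encrypted` matches the case where restoring from backup is the only option; a folder of `ok` results matches the case where a scan in safe mode is enough.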
How to prevent an attack
The good news is the latest string of attacks has exploited a vulnerability that Microsoft has since repaired, so providing your computer is up to date with the various Windows updates you should be fairly safe. That said, here are three steps to keeping yourself as safe as possible:
1. Windows Updates – Microsoft release large numbers of updates to repair the vulnerabilities identified in its operating systems. As painful as it can be sometimes to let these install and update, they really are the most important step you can take to protect yourself against an infection. Waiting 20 minutes or so for updates to install will be far less painful than being told you have lost all your data and need to start again. It is also worth ensuring your Windows Firewall is turned on and up to date to prevent the initial infected files from even reaching your PC.
2. Good Anti-Virus Software – Second to the Windows updates is the necessity to have a good, reliable Anti-Virus software and again keep this up-to-date with the latest definitions. Kaspersky and Sophos are excellent packages and while these come at a cost they will pay dividends in stopping infections and removing malicious files. Often these premium packages come with additional features that scan your emails and rate the websites you visit to alert you as early as possible to malicious material.
3. Internet Etiquette – Finally the most practical step to avoiding infections is simple internet etiquette. In relation to emails this is as simple as not clicking on links or attachments in emails from an unknown sender or that appear in your junk/spam folders. It is also worth checking the web address of a link in a Google search and if it looks suspect or you don’t recognise it – DON’T CLICK IT!
The bottom line is Ransomware is a nasty collection of software packages that are there to cause nothing but misery and pain for the victim but it could be incredibly simple to protect yourself against it by following the steps above.