What is ransomware?
The escalation in the use of ransomware attacks for financial gain has raised awareness in organisations around the world of the importance of cyber security. What is ransomware and how do you defend yourself against a possible attack?
What is it and how does it work?
Ransomware, in IT, is a type of malware or malicious code that prevents use of the equipment or systems it infects. The cybercriminal takes control of the infected computer or system and "hijacks" it in various ways, encrypting the information, blocking the screen, etc. The user becomes a victim of extortion, being asked for a ransom in exchange for recovering the normal functioning of the device or system.
Ransomware is used to make a financial gain through extortion of its victims.
What should you do if your system is infected and how can you delete it?
Once infected by ransomware, disinfection is not easy, and is often impossible, since these solutions are imperfect and produce very modest results. It is very important not to pay the ransom requested by the attackers as there is no guarantee that they will return the equipment back to its normal condition.
Once infected, the most effective treatment is formatting of the infected computer(s) and restoring the backups of them.
Inform the authorities and remember that as a Spanish company, INCIBE can help you free of charge and confidentially by calling 017.
Prevention is the best cure, following the recommendations set out in the following point.
How can you protect yourself against a ransomware attack?
In order to prevent possible ransomware attacks, it is recommended that you implement a series of measures that should be considered as a good starting point for protecting your personal and business data:
- Keep equipment, systems and applications up to date and patched.
- Install anti-malware systems on your computers and ensure that malware detection signatures are updated daily.
- Use anti-spam measures in email.
- Make backups of the equipment and systems.
- Train and make staff aware of good IT security practices and the permitted uses of systems, equipment and applications:
- Do not open attachments from unknown senders or even if they are known when they send attachments that you are not expecting, until you can verify whether that person actually sent the email.
- Before you click on a link in an email, move your mouse over it or right click on it to see what the link is and where it takes you. In the event that there is something suspicious and we need to go to the legitimate site, type the URL directly in the browser or in a search engine.
- Be especially careful when browsing websites that you don't know or are not familiar with.
Some examples of ransomware
Some of the main types of ransomware are:
- Scareware: malicious software that appears to be an anti-virus and displays messages that the computer is infected and a payment has to be made for a feature that corrects the alleged problem.
- Screen blockers: is a type of ransomware that runs and blocks the screen of the computer making it impossible to use it until after the payment of a sum of money. It usually shows an image of an organisation or law enforcement agency that says that illegal activities have been detected on your computer (software piracy...) and that you must pay a fine in order to use the equipment.
- Encryption: is the most media-friendly type of ransomware. It has been used to undermine various organisations and has been publicised in the media. It is constructed so that the malware encrypts all files on the device, preventing their use and requesting a rescue so that attackers can send the decryption key and manual to recover the information.
Keeping equipment, systems and applications up to date, and having up-to-date anti-virus software, combined with respect for good security practices, mitigates most of the risk of a possible attack through ransomware.