Ransomware is a sophisticated malware attack that takes advantage of security weaknesses in computer and server operating systems. Ransomware then encrypts all files on server file shares, making them completely unreachable. The cybercriminals then demand a payment, normally payable in bitcoins, to provide you with the code to decrypt the files and make them accessible again.

Can I Ignore the Request?

Ransom requests normally come with a deadline; if the ransom goes unpaid within that timeframe, the ransom escalates. It is possible to recover files and restore service from the last good backup or server image, but this can take a substantial amount of time, with systems unreachable during that time. However, if you do not have a backup in place and you opt not to pay the ransom, you will not be able to decrypt or access the files.

What happens when I pay the Ransom?

When you pay the ransom, you are normally provided with a code that unlocks your files.
Ransomware often returns again and again to those who do not take the necessary precautions after the first incident.

How does the Ransomware Spread?

Like most malware attacks, Ransomware depends on human interaction: a person downloads the malicious code without their knowledge. Malware typically spreads itself by email, embedded in attachments such as ZIP files or in hyperlinks inside PDF/Word attachments. When attachments are opened or links are clicked, the code can then take advantage of security vulnerabilities in computer and server operating systems.

How do I protect my data and systems from Ransomware?

Big organisations and especially home users overlook the basics when it comes to protecting themselves from malware attacks, and Ransomware is no different. Attacks are predominantly random, which means that small and large businesses and home users are vulnerable.

Some Advice

  • Keep operating systems patched and firmware updated. Treat this as critical proactive maintenance that must be carried out regularly. Do not rely on automatic updates and assume that this is done correctly.
  • Educate end-users, as they are often the biggest flaw when it comes to cyber security. Provide short classroom-style sessions that present examples of phishing emails and encourage a question-and-answer format.
  • Ensure you have a working backup and imaging solution in place that you can recover from in the event of an attack.
  • Ensure you have email protection in place. I would even recommend that multiple layers of email protection be implemented to keep up with the level of sophisticated email attacks.
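
As an added illustration of one email protection layer (this example is not part of the original article), the Python sketch below inspects a message for the delivery methods described above: ZIP attachments and hyperlinks inside PDF/Word attachments. The names scan, make_zip and sample_message are hypothetical, and the sample message and its URLs are constructed for the demonstration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PDF_URI = re.compile(rb"/URI\s*\(([^)]*)\)")       # uncompressed link annotations only
REL_TAG = re.compile(rb"<Relationship\b[^>]*>")    # regex, so no XML entity expansion
REL_TARGET = re.compile(rb'\bTarget="([^"]*)"')
RELS = "word/_rels/document.xml.rels"              # where a .docx keeps its hyperlinks

def scan(raw):
    """Return (filename, reason) pairs for attachments to hold for review."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"%PDF"):
            findings += [(name, "PDF link " + u.decode("latin-1")) for u in PDF_URI.findall(data)]
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if RELS not in names:              # plain archive: report what it carries
                    findings.append((name, "ZIP archive: " + ", ".join(names)))
                elif zf.getinfo(RELS).file_size <= 1_000_000:  # size cap against zip bombs
                    for tag in REL_TAG.findall(zf.read(RELS)):  # a .docx is itself a ZIP
                        target = REL_TARGET.search(tag)
                        if b'TargetMode="External"' in tag and target:
                            findings.append((name, "Word link " + target.group(1).decode("latin-1")))
    return findings

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in files.items():
            zf.writestr(member, content)
    return buf.getvalue()

def sample_message():  # constructed: every attachment, name and URL here is made up
    rels = ('<Relationships><Relationship Id="rId1" TargetMode="External" '
            'Target="http://invoice.example/pay"/></Relationships>')
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    for fname, data in {
        "invoice.zip": make_zip({"invoice.js": "// placeholder"}),
        "invoice.docx": make_zip({"word/document.xml": "<w/>", RELS: rels}),
        "invoice.pdf": b"%PDF-1.4\n<< /S /URI /URI (http://invoice.example/view) >>\n",
        "notes.txt": b"harmless text",
    }.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling scan(sample_message()) flags the ZIP, Word and PDF attachments and leaves notes.txt alone. Links stored in compressed PDF streams are not seen by this check, which is one reason to layer it with other email protection rather than rely on it alone.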