What is Ransomware?

March 18, 2017

 

 

 

 

Ransomware is the fastest growing form of computer malware, experts warn.

 

It's a malicious virus that locks the user out of their computer and demands a fee to return their files.

 

A report published by the Australian government claims 72% of businesses surveyed experienced ransomware incidents in 2015.

 

The figure was just 17% in 2013 .

 

It's also a growing threat for mobile devices as it can be hidden in an app.

 

Ransomware is delivered through drive-by downloads - it pretends to be a popular app, increasing the chances that you'll click on it.

 

To avoid these threats, users should be very careful about what apps they install, and where they come from - read the reviews on Google Play, and avoid side-loading from untrusted sources.

 

 

How does it work?

 

The ransom is usually demanded in the form of bitcoins.

 

Like most computer viruses, ransomware often arrives in the form of a phishing email, or spam, or a fake software update - and the recipient clicks a link or opens an attachment.

 

The virus then sets to work encrypting the user's files.

 

Once the computer is effectively locked down, it demands a fee - often in bitcoins because it is less easy to trace - for the return of the files.

 

The fee is generally one or two bitcoins - the equivalent of about $500 (£330).

 

It is less common now, but in the earlier days of the malware - about five years ago - the ransom note could take the form of a law enforcement notice.

 

The user was directed to a web page that appeared to be from, for example, the FBI, falsely claiming illegal images of children had been been found on the machine and a fine was payable.

 

There is generally a time limit to comply, after which the ransom increases.

 

 

Is there any way to get round it?

 

Sometimes it is just a threat, but mostly the virus really does encrypt files.

 

The only way to retrieve your files without paying the ransom is to have a back-up of all your files.

 

You had to recover everything from back-up. Ideally you have an automated back-up which would normally backup every hour when the computer is on and then if an infection does attack you PC then everything can be recovered from the backup.

 

You could risk paying them - but this is like paying a blackmailer. We don't recommend this as it then leaves you vulnerable to further cybercrime. As soon as you pay up, you get on a list and you'll probably get contacted again.

 

In the scheme of things you don't know that they'll clear the infection.

 

 

Do many people pay?

 

The official advice is not to pay - but many do.

 

While all the expert advice is, of course, not to pay, plenty of people do - even those you would least expect to.

 

 

Who is behind it?

 

Organised crime gangs use computer viruses to generate money

 

Recent research by Palo Alto Networks and industry partners suggested one family of ransomware known as Crypto Wall had generated about $325m (£215m) for the gang behind it.

 

"In the volume cybercrime space, ransomware is one of the most prolific problems we face," Greg Day, chief security officer for Europe at Palo Alto Networks, told the BBC last month.

 

"Credit card theft is getting to the point where the value of each card is very low. As a result, ransomware has stepped into that gap and gives a higher value for each victim."

 

What can you do to protect yourself?

 

There are several things you can do:

 

  1. Make sure you have Malware Protection installed be a free one or one that gives your realtime protection. 

  2. Make sure you never open a email attachment you are not expecting, these infections can come in the form of invoices, receipts, PDF's, Pictures, HMRC, Delivery Note etc, if you are not sure don't open it...

  3. Have a backup of your files and do this regularly, Ransomware can infect every file on your computer within seconds and there is no way of Decrypting them once encrypted.

  4. Choose a cloud backup service that can restore your files easily as Ransomware will change the file format and if you are using a external drive this could override those files.

  5. If you have malware protection installed and you run this regularly to make sure there is nothing lurking in the background.

  6. If in doubt contact GreyFusion as we have helped several clients who have been hit by this virus.

If you have any questions or concerns please contact us either by email info@greyfusion.co.uk or call 01993 869218 and we can check your system and give you advice..

 

 

 

 

 

 

 

 

 

 

Share on Facebook
Share on Twitter
Please reload

Need help with your computer?

Need help with your computer?

01993 86 92 18

GreyFusion

Your IT help desk

T: 01993 86 92 18
E: info@greyfusion.co.uk

  • Facebook Clean
  • Twitter Clean
Witney, Oxford, Oxfordshire,

 

© 2020 - GreyFusion