What is ransomware?

Thousands of computers across the globe were hit by a ransom-demanding malware. DW explains what ransomware is and how to avoid becoming the next victim.


A massive global cyberattack infected tens of thousands of computers in nearly 100 countries by exploiting vulnerabilities believed to have been exposed in documents leaked from the US National Security Agency.

Friday’s attack used a type of malware known as ransomware to extort money from victims, including governments, companies and organizations.


DW explains what ransomware is and how to avoid becoming the next victim.

What is ransomware?

Ransomware is malware that encrypts files on an infected computer or mobile device. The ransomware locks the computer and prevents users from accessing files, documents and pictures until payment is made.

Major organizations across England reported problems with their computer systems as a result of an apparent cyberattack (Image: picture-alliance/AP Photo/@fendifille)

How does a computer get infected with ransomware?

Computers are typically infected when a user opens a link or email attachment from a malicious email message. Known as a phishing email, the message is often sent from an email account disguised to look like it is coming from a known or trustworthy entity. Hackers can also plant malware on websites.

Sometimes a user may not be immediately aware the computer is infected. Some types of ransomware, such as the one used on Friday, show a “lock screen” notifying the user their files have been encrypted and demanding payment to unlock the files.

How does payment and unlocking work?

The ransomware demands the user pay to have the files decrypted. Payment, often with the anonymous virtual currency Bitcoin, allows the user to access the files with an encryption key only known by the hacker. As in Friday’s attack, the payment can go up if it is not made within a short time frame.

If the payment is not made within a certain time period, the encryption key is destroyed and the files are lost forever.

A typical ransomware infection will show a message telling the victim to pay a ransom to decrypt files (Image: DW/M. von Hein)

Should you pay the ransom?

Law enforcement agencies advise against paying ransom. They say payment encourages criminal hackers, and there is no guarantee that after payment access to files will be restored.

What can you do to protect yourself against ransomware?

Exercise caution before clicking on an email link from an unknown or potentially disguised source. Users should also install security updates on their computers and back up their files to avoid losing them in case of an attack.

Friday’s attack targeted a known vulnerability in the Windows operating system. Microsoft said it had released Windows updates to defend against the ransomware used in the attack, but not everyone installed them.

Microsoft releases protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: http://msft.social/VIIqP4 

Customer Guidance for WannaCrypt attacks (blogs.technet.microsoft.com)

Why are businesses vulnerable to ransomware?

Larger businesses, organizations and governments may not install security updates immediately because they have their own security measures in place. Hackers target businesses because they calculate that they are more likely to pay. Businesses may have sensitive data and do not want to disrupt operations. Restoring files may also be more expensive than paying the extortion fee.

How can you get files back?

Without paying the ransom, it is very difficult to recover the files. There are instances of hackers creating weak malware that is capable of being broken. In one case, a hacker regretted creating malware and published a master key for files to be decrypted. In another case, law enforcement seized a server with keys on it and shared them with victims.

Law enforcement agencies and computer security companies have keys to decrypt files for some ransomware, but with a growing number of different malware types, most ransomware cannot be decrypted.


Published by

gabugo

Author, Pastor, Development and Valuation Surveyor, CEO LandAssets Consult Ltd., Publisher, The Property Gazette.
