The first instance of an online extortion attack is credited to Joseph Popp back in 1989. Since then the frequency, delivery and scale of ransomware attacks have increased significantly; so what is ransomware and how does it work?
Being Held For Ransom
As the name suggests, a ransomware attack is where your data is held to ransom by the attacker. The data is usually encrypted and therefore inaccessible. Pay the ransom and the attacker will unlock your data.
Ransomware is a particularly nasty form of malware and digital threat. There’s usually some kind of ransomware headlining in the news around the world and those who are the victims are often at a loss as to what to do next.
Essentially, ransomware will infect an individual computer and one of two things can happen. In the first case, it locks the computer, stopping all access to it from the keyboard, then starts to search for data and encrypts the contents of the hard drive. Lastly, it infects the boot sector of the computer and displays a message detailing the type of ransomware and how the individual is to pay for the release of the data; the message can even include fake FBI warnings.
In the second case, once a system is infected the ransomware will lie in wait until a set time and date, then do all of the above and lock the computer. Waiting for a set time ensures that numerous machines are infected before any fix can be discovered; also, if all the infected machines are activated at the same time, there’s more of a chance of the attacker getting their ransom paid.
You normally have a set time in which to pay the ransom, usually 72 hours. If the victim doesn’t pay in time, the attacker can introduce a second phase into the ransomware code that will either increase the amount demanded or completely destroy the files that are being held to ransom.
Ransomware can be spread in a number of ways. The more popular choice of delivery is via an infected web page: some form of Flash script that has been hijacked and now contains a link to a remote server, from which the browser will unwittingly download the ransomware code. More recently there have been instances of Drive-by attacks, where the ransomware code locates any USB sticks a user may have in their system and transfers itself to them, in the knowledge that the stick will be inserted into a work computer.
The WannaCry ransomware attack from 2017 was by far one of the most prevalent in recent years. It’s estimated that more than 250,000 computers across 200 countries were infected, leaving big companies such as FedEx, Nissan Motor Co and Telefonica SA under siege from its demands. The National Health Service in the UK was hit too, resulting in weeks of chaos and disorder for the staff and patients alike.
How to Prevent or Recover from Malware
How do you avoid getting ransomware on your computer and what happens if you’re unlucky enough to be the target of such an attack? Here are some hints and tips for you.
Ransomware Tip 1 – Updates: The single most important factor in preventing a ransomware attack is to make sure that your computer has the latest updates applied. Ransomware code usually looks for vulnerabilities and weaknesses in the operating system, but if it’s up to date and patched, then it’s difficult for the code to activate.
Ransomware Tip 2 – Enhance your security: Whilst using the built-in Windows Defender anti-malware agent is perfectly acceptable under normal circumstances, it’s not as good at defending you as a dedicated Internet security suite (we’ll look at some later on). Consider paying for higher-end AV and security software to protect your computer.
Ransomware Tip 3 – Never insert a random USB stick: If you’ve found a USB stick somewhere, although the temptation is strong to see what’s on it, don’t stick it in your computer. Not only could it be infected with all sorts of malware, it could also contain sensitive and confidential data. Either destroy it or hand it over to a security expert at work.
Ransomware Tip 4 – Protect your browser: Most ransomware attacks occur via a compromised website, so it’s often best to install some form of script blocker, ad-blocker and security tool in your browser as an add-on. Firefox, Chrome and Edge all offer Adblock and ScriptBlock as add-ons to help protect against a hacked site.
Ransomware Tip 5 – Backup: Set yourself a daily backup schedule, to a USB, cloud or network resource that’s separate from your computer. If your data is securely backed up, and you get a ransomware attack, then you can happily wipe your computer, re-install Windows, then copy the saved data back over.
Ransomware Tip 6 – Never pay: Your data is locked, and there’s nothing that can be done by anyone to save it, so it’s really not recommended to pay the ransom. Nine times out of ten, the attacker will take the money and never unlock the data anyway. There’s also the threat of more malware being activated after payment.
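A daily backup as described in Tip 5 only helps if it does not copy already-encrypted files over the last good copy. The Python sketch below is an added example, not part of the original article: it keeps each day's snapshot in its own folder, verifies the copy by hash, and refuses to run when most files have changed since the previous snapshot. The threshold, folder layout, date-style labels and sample files are all assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

CHANGE_LIMIT = 0.5  # assumed threshold: refuse if over half the known files changed

def manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_ratio(old: dict, new: dict) -> float:
    """Share of previously backed-up files that are now missing or different."""
    return sum(1 for path, digest in old.items() if new.get(path) != digest) / max(len(old), 1)

def snapshot(source: Path, dest: Path, label: str) -> Path:
    """Copy source to dest/label/data; earlier snapshots are never overwritten."""
    current = manifest(source)
    earlier = sorted(dest.glob("*/manifest.json")) if dest.exists() else []
    if earlier:  # labels are assumed to sort by date, e.g. 2024-01-01
        old = json.loads(earlier[-1].read_text())
        ratio = changed_ratio(old, current)
        if ratio > CHANGE_LIMIT:
            raise RuntimeError(f"{ratio:.0%} of files changed since {earlier[-1].parent.name}")
    target = dest / label
    shutil.copytree(source, target / "data")
    if manifest(target / "data") != current:  # verify the copy before trusting it
        raise RuntimeError("backup copy does not match the source")
    (target / "manifest.json").write_text(json.dumps(current, indent=2))
    return target

def demo() -> tuple:
    """Constructed sample data: one good snapshot, then every file is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backups = Path(tmp) / "docs", Path(tmp) / "backups"
        docs.mkdir()
        for i in range(4):
            (docs / f"report{i}.txt").write_text(f"quarterly figures {i}")
        first = snapshot(docs, backups, "2024-01-01")
        for f in list(docs.iterdir()):  # stand-in for files that have become unreadable
            f.write_bytes(b"\x00unreadable\x00" + f.name.encode())
        blocked = False
        try:
            snapshot(docs, backups, "2024-01-02")
        except RuntimeError:
            blocked = True
        return blocked, len(manifest(first / "data")), sorted(p.name for p in backups.iterdir())

if __name__ == "__main__":
    print(demo())
```

When the second run is refused, the first snapshot is still intact and is the one to restore from after wiping the machine.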