Ransomware: What It Is and How to Protect Yourself Against It

Was your computer one of the estimated 200,000 machines that were left debilitated by last week’s global cyber-attack by ransomware known as ‘WannaCry’? Did you even know that ‘ransomware’ was a thing, and would you know what to do if your computer ever came under attack?

Just as companies are coming up with new ways to protect themselves and their customers, hackers are constantly coming up with new ways to attack companies – whether to steal data or, in the case of the recent ransomware attack, to prevent users accessing their files until they pay up. But that doesn’t mean you’re entirely defenceless.

As an ISO 27001-accredited software house, we’re strongly committed to information security – both ours and yours. We’re recognised as a business that, according to ISO, ‘ensures that products and services are safe, reliable and of good quality’, and that means our customers can trust us to keep all their data secure; they can expect minimal impacts on their training business, and they can trust our enhanced information security management.

With that in mind, let’s take a look at what ransomware actually is, how it works, and how to prevent a cyber-attack on your own machines.

What is ransomware?

Ransomware is malicious software that, depending on its sophistication, can encrypt your system, files or hard drive. Since it’s impossible to decrypt files without the key, your computer is essentially rendered inaccessible by hackers who, as the name ‘ransomware’ suggests, hold your system hostage until a ransom is paid.

Usually, this ransom is demanded in untraceable, non-refundable bitcoins – in the ‘WannaCry’ attack, hackers initially demanded the relatively modest $300, rising to $600 if payment wasn’t made within 3 days. That’s just small enough to be tempting if it means regaining everything from personal photos to crucial business proposals, although experts agree that you should never pay a ransom – because it acts as an incentive for hackers to target you again, and there’s no real guarantee that your files will be restored anyway.

Lower-level ransomware can, technically, be easy to bypass if you have enough computer knowledge. But for everyday users, even the most basic form can be bad news, forcing businesses to grind to a halt. Generally, it infects a computer through a Trojan horse: a seemingly innocent file attachment that hides a devastating payload. That’s exactly what happened in the ‘WannaCry’ attack.

So, where did this particular exploit come from? Well, according to Brad Smith, Microsoft’s chief legal officer:

‘We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability, stolen from the NSA, has affected customers around the world.’

Indeed, so bad was the threat that Phillip Misner, of Microsoft’s security response team, said:

‘We know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.’

What’s even more interesting about the latest assault is that it’s the first time we’ve seen this particular malware coupled with a worm – and it’s the worm that allows the hack to infect other computers on the network, rather than isolating a single machine. All it takes is for one person to open an infected file, and it’s game over for every networked computer.

How to prevent ransomware

However scary it might be to find your computer’s been taken over, there are ways to prevent ransomware from getting inside your machine. Professor Alan Woodward, a cybersecurity expert, believes we should ‘practice ABC - assume nothing, believe no-one, check everything.’

1. Keep your computers updated

The most basic fix is to ensure what Europol dubs ‘good digital hygiene’. That means running an up-to-date operating system like Windows 10, with up-to-date security patches. Back in March, Microsoft patched the vulnerability that allowed this ransomware to take effect – but that’s small comfort for institutions like the NHS, which was found to be running Windows XP (an operating system that Microsoft no longer supports) without the appropriate security updates.

2. Be wary of email attachments

The second most important factor is to be wary when opening email attachments. That’s chiefly how Friday’s ransomware was spread: An infected file was opened, allowing the malware to infect unsecured computers across the network. Often, we can spot a phoney email, but hackers are becoming as sophisticated as they are devious, so what might look like a legitimate email from someone within your company could be nothing more than a phishing scam. Look for tell-tale clues like typos, and design factors like the font and formatting. If it looks questionable, don’t risk downloading the attachment.

3. Discuss best practices with staff

If you’re in charge of a company or heading up a department, now’s also the time to educate your employees on the dangers. Make sure everyone on the team knows not to click unknown links or download suspicious attachments in emails from untrustworthy sources (watch out for .exe file types, in particular, which are executable file formats that are run as programs).
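The advice above about .exe attachments can also be enforced automatically before mail reaches staff. The following is an added example, not part of the original article: it assumes the extension lists shown and runs on a constructed sample message, flagging attachments whose name or content indicates a Windows program.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; extend them to match your own mail policy.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def screen_attachments(raw):
    """Return [(filename, [reasons])] for attachments that look executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        reasons = []
        if ext in RISKY_EXT:
            reasons.append("executable extension " + ext)
            # "invoice.pdf.exe" shows as "invoice.pdf" when Windows hides extensions.
            if len(pieces) > 2 and "." + pieces[-2] in DOC_EXT:
                reasons.append("double extension disguises the file type")
        # Windows programs start with the bytes "MZ", whatever the file is called.
        if data[:2] == b"MZ":
            reasons.append("content is a Windows executable (MZ header)")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed message: a disguised program, a real PDF, a renamed program."""
    m = EmailMessage()
    m["From"] = "accounts@example.com"
    m["To"] = "staff@example.com"
    m["Subject"] = "Overdue invoice"
    m.set_content("Please see the attached invoice.")
    fake_exe = b"MZ\x90\x00 constructed placeholder bytes, not a real program"
    m.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                     filename="Invoice.pdf.exe")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="agenda.pdf")
    m.add_attachment(fake_exe, maintype="image", subtype="jpeg", filename="photo.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in screen_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```

Checking the first bytes as well as the name catches a program that has simply been renamed to look like a picture or document.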

4. Maintain regular back-ups

Another example of good digital hygiene is to keep back-ups of everything – whether or not you’re at risk, this is a sound business move. It’s important to note, too, that these back-ups should be available offline so that if another ransomware attack is carried out, copies of your files are inaccessible to hackers and cyber-attackers. 

What to do if your computer’s infected

If you discover your computer has been infected with ransomware, the first step is simple: Don’t panic. The second is just as easy: Don’t wait for a fix to appear. Sure, eventually your anti-virus program may come up with a fix, but you’ll need to let your IT manager know the moment it happens.

So, what next?

If you’re dealing with a basic form of ransomware, entering Windows Safe Mode and running anti-malware should solve the problem. It’s also possible to bring computers back from the brink by performing a system restore, which rolls back programs and system files to a previous state (hopefully pre-infection).

Tried that and still no luck? For those held hostage by ransomware, it’s time to perform a clean install of the Windows operating system. Essentially, you’re wiping the slate clean here, so consider this a last resort.

Now it’s time to assess the damage. If your files aren’t encrypted – if, say, the ransomware simply locked you out of the computer but didn’t touch your files – then you’re in luck. You might also notice that it seems you’re missing certain files. If that’s the case, it’s worth checking to see if the malware has simply ‘hidden’ your files; just enter File Explorer and force the system to show any hidden files and programs.

If your data is encrypted, though, you could be in trouble. Encrypted files can’t be opened without decryption tools, which makes it tempting to pay the ransom. Our advice is: Don’t. Hackers are rarely trustworthy sorts. So, the only real course of action if all your files are encrypted is to ensure you have offline back-ups.

When it comes to ransomware, prevention is better than cure.

How accessplanit maintains information security

Our ISO 27001 certification means technological safety is paramount at accessplanit. We don’t just blindly follow best practices; instead, you can rely on us to focus on security in absolute depth. Better still, ISO accreditation means everything we do is documented, which lets several staff members undertake security measures and assessments, rather than relying on a risky single point of contact.

Our focus on information security doesn’t end there, either. We have a wide selection of measures to ensure the protection of our data and yours.

Find out more about accessplanit and our secure training management solutions by downloading our free brochure.
