I am sure you will all have seen the recent global ransomware outbreaks, such as #WannaCry and #Locky, on the news. I am sure you have also been left with questions about how this happened and with concerns about your own computer's security.
The good news is that, so far, this attack has only affected medium-to-large organisations, because of the method the attackers used to load the virus onto computers. However, the Windows systems the ransomware has been affecting are identical to the Windows systems people run at home, so your computer may be open to the same exploitation as those in this attack.
So what is ransomware? Let’s start with the basics. Ransomware is just a label for a group of malicious software (or #malware) programs that lock your computer in some way and demand a ransom to unlock it. These packages often arrive with malicious #emails, either as infected attached files or by way of an internet link that downloads the file to your computer.
Ransomware typically operates in one of three ways:
3. Rogue Anti-Virus Software – The most basic level often presents as a form of anti-virus software informing you that you have a number of viruses on your system and inviting you to buy the software to remove them. Despite the look, these are usually simple infections and a regular scan of your system with an anti-malware package such as Malwarebytes or similar should rid you of the pest.
2. Locky type – This form of malware often displays a full-screen window shortly after booting up that informs you your computer has been locked and demands a ransom to unlock it. The software also hides icons and files on your desktop and in your documents folders to give the impression that your files have been deleted. It can be difficult to know whether this software has encrypted your files, but a fairly easy way to tell is to boot your computer in safe mode without networking, log in as the default administrator account and see if your files are still there and accessible. If they are, good news: your files have not been deleted or encrypted, and the virus can usually be easily deleted by remaining in safe mode and completing a virus scan using a dedicated anti-malware package such as Malwarebytes.
1. CryptoWare – By far the worst of all types of ransomware, this evil software will infect your computer entirely and encrypt all files, display a full-screen warning informing you that your files have been locked, and demand a ransom by a specific date before the cost either increases or your files are deleted. The software also often has the ability to replicate itself and infect other computers on the same network. If you have been infected by #CryptoWare then your only hope is that you have a backup of all your important data, as the only way to ensure a completely clean system is to wipe the computer and re-install Windows.
As you can imagine, seeing any of these on your computer can create a great deal of alarm and distress, and you may be tempted in a blind #panic to just pay the ransom and get your files back. Our advice would be to avoid payment at all costs, as there is no guarantee the #attackers will return your data and you could just be wasting money and fuelling the fire.
If you have been infected with any of the above, the first thing you need to do is stop and physically disconnect the device from your network, either by unplugging the network cable or by disabling your #WiFi. Next you need to establish what level of infection you have. If it looks like #anti-virus software that you don’t recognise and it is saying you have a virus infection, the simple thing to do is complete a scan with #Malwarebytes or similar and then reboot your computer. This should fix your problem and all your files should be safe.
If you have a full-screen warning informing you your files have been locked then the solution is a little more complex. First you need to boot the computer in safe mode without networking and, as said above, establish by logging into the administrator account whether you can access any of your files. If you can, the solution is to perform a scan with #Malwarebytes or an equivalent package to remove the infection and then reboot your computer. If you cannot access your files because they have either been deleted or encrypted, then your only option to ensure a completely clean system is to wipe your device completely and reinstall your system, either from a backup or from scratch.
This can often be a very daunting and confusing process to carry out if you are not familiar with it, and I would recommend that if you get stuck or become unsure at any point you consult an IT professional for advice.
How to prevent an attack
The good news is that the latest string of attacks has exploited a vulnerability that Microsoft has since repaired, so providing your computer is up to date with the various Windows updates you should be fairly safe. That said, here are the steps to keeping your #security as tight as possible:
Windows Updates – Microsoft release large numbers of updates to repair the #vulnerabilities identified in its operating systems. As painful as it can sometimes be to let these install and update, they really are the most important step you can take to protect yourself against an infection. Waiting 20 minutes or so for updates to install will be far less painful than being told you have lost all your data and need to start again. It is also worth ensuring your Windows #Firewall is turned on and up to date, to prevent the initial infected files from even reaching your PC.
Anti-Virus Software – Good anti-virus software is your second line of defence; after all, prevention is better than cure. There are several free packages available online from the likes of AVG and Symantec, however the best option I have found to date is #Microsoft's own Windows Defender. This package has shipped with all Windows versions since Windows 8.1 and is an absolute master at protecting home users from everyday threats and vulnerabilities.
Back up your data... NOW!!! – If you have done everything above, the final step in minimising your exposure in the event of an unavoidable attack is to regularly back up your data to a secure location that is separate from the storage on your device. The best option here is to back your files up either to the cloud or to a secure external drive. This will ensure that all your precious files and photos are secure in the event of a CryptoWare attack and that you can simply restart from where you left off at your last backup. I would recommend updating your data at least once a week and keeping a couple of backups at a time in case one fails to work correctly.
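A quick way to check the three steps above on a Windows 10 or later PC, as an added example that is not part of the original article. It only reads settings and changes nothing. The backup folder E:\Backups and the update and definition age thresholds are assumptions; the weekly backup interval and the minimum of two copies come from the advice above.

```powershell
# Added example: read-only check of the three prevention steps above.
param(
    [string]$BackupRoot = 'E:\Backups',  # hypothetical backup folder, change to yours
    [int]$MaxUpdateAgeDays = 35,         # assumed threshold: one monthly patch cycle
    [int]$MaxSignatureAgeDays = 3,       # assumed threshold for Defender definitions
    [int]$MaxBackupAgeDays = 7,          # "at least once a week"
    [int]$MinBackupCopies = 2            # "a couple of backups"
)
$now = Get-Date
$results = @()

# Windows Updates: when was the most recent update installed?
$lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$results += [pscustomobject]@{
    Check  = 'Windows updates recent'
    Ok     = [bool]($lastFix -and $lastFix.InstalledOn -gt $now.AddDays(-$MaxUpdateAgeDays))
    Detail = if ($lastFix) { "$($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToString('yyyy-MM-dd'))" } else { 'no update history found' }
}

# Windows Firewall: every profile (Domain, Private, Public) should be enabled.
$profiles = @(Get-NetFirewallProfile -ErrorAction SilentlyContinue)
$fwOff = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' })
$results += [pscustomobject]@{
    Check  = 'Firewall on for all profiles'
    Ok     = ($profiles.Count -gt 0 -and $fwOff.Count -eq 0)
    Detail = if ($fwOff.Count -gt 0) { "disabled: $($fwOff.Name -join ', ')" } else { "$($profiles.Count) profile(s) checked" }
}

# Windows Defender: real-time protection on and definitions fresh.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'Windows Defender active'
    Ok     = [bool]($mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
                    $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    Detail = if ($mp) { "real-time=$($mp.RealTimeProtectionEnabled), definitions $($mp.AntivirusSignatureAge) day(s) old" } else { 'Defender status not available' }
}

# Backups: each top-level item in $BackupRoot is counted as one backup copy (assumption).
$backups = @(Get-ChildItem -Path $BackupRoot -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending)
$results += [pscustomobject]@{
    Check  = 'Backups recent, more than one copy'
    Ok     = ($backups.Count -ge $MinBackupCopies -and
              $backups[0].LastWriteTime -gt $now.AddDays(-$MaxBackupAgeDays))
    Detail = if ($backups.Count -gt 0) { "$($backups.Count) item(s), newest $($backups[0].LastWriteTime.ToString('yyyy-MM-dd'))" } else { "nothing found in $BackupRoot" }
}

$results | Format-Table -AutoSize -Wrap
```

Run it with the backup drive plugged in; any row showing Ok as False points to the step above that needs attention.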
You now have enough information that you should be able to make an informed decision about how to protect your #privacy and #security from online threats. For more helpful tips and advice, or to get professional help if you are a little out of your depth, get in touch today.