Ransomware is computer malware designed to deny access to user files, sometimes encrypting the entire hard disk drive and even all the attached external disk drives.
It is designed to demand that the user pay a ransom to get the malware creator to remove the restriction (such as supplying the encryption key) so the user can regain access to the system and stored assets.
Most ransomware hits devices through phishing e-mails and pop-up advertisements.
There are three major types of ransomware:
- The first type locks the system in a way that is not difficult for a technical person to reverse; it displays a message requesting payment to unlock it.
- The second type encrypts the whole disk drive and any removable storage, then demands a ransom to decrypt it. There is no guarantee of getting any data back.
- The third type pretends to be ransomware but is actually “trickware”, which can easily be removed.
Ransomware usually comes hidden in a legitimate file. When the user installs the legitimate program, the ransomware gets installed as well without the user’s knowledge.
As the number of attacks increases, it has become a global problem that threatens both individuals and companies.
Ransomware is now the number-one security concern for organizations such as Royal Holloway.
The National Cyber Security Centre has issued alerts to universities being targeted by attackers.
Operations at the University of Newcastle were severely compromised by a recent ransomware attack.
The recovery was estimated to take three weeks.
Staff and students are enduring systems being taken offline at short notice to deal with the crisis.
The goal of the extortionist deploying ransomware is to separate you from your critical information or other information that has value.
If your device is infected with ransomware, it will become unresponsive and you will be presented with a ransom note demanding payment in Bitcoin or another cryptocurrency.
The best defense against ransomware is good-quality backups. Good backups mean you can restore your device to a known good state without too much difficulty.
If you receive a ransom note, the first step is to disconnect your device from the network, including any Wi-Fi network.
Contact the IT Service Desk if you are suffering a ransomware attack.
Paying the ransom is not recommended, as the decryption keys are often never sent.
Countermeasures to ransomware are good-quality backups and keeping your PC and mobile devices as fully patched as possible.