One of the most feared words in cyber security is ransomware. If you have never been affected, then count your lucky stars. This has the potential to end businesses, remove your digital past and relieve you of your hard-earned money. So, let's take a look.

What is ransomware?

Ransomware is a type of malware that encrypts a victim's files and demands a ransom payment in order to decrypt them. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, travelled automatically between computers without user interaction.

How does ransomware work?

When a user opens a ransomware-infected file, the malware will encrypt the user's files using a strong encryption algorithm. The encryption key is then stored on the attacker's server. The attacker will then demand a ransom payment in exchange for the encryption key.

It relies on duping people into taking action to click these links. Ever receive an email that says you have won something? Or that is urgently trying to get you to take action? Or seems to be from your bank? Or even a family member or work colleague? These are the ones to watch out for.

They are psychological and prey on basic human emotions such as fear, ego, curiosity, or greed.

How can I protect myself from ransomware?

There are a number of things you can do to protect yourself from ransomware:

• Keep your software up to date. Software updates often include security patches that can help to protect your computer from ransomware.

• Use a firewall. A firewall can help to block malicious traffic from reaching your computer.

• Use antivirus software. Antivirus software can help to detect and remove ransomware before it can encrypt your files.

• Be careful what you click on. Do not open email attachments from unknown senders or click on links in emails from unknown senders.

• Back up your files regularly. If your files are encrypted by ransomware, you can restore them from a backup.

What should I do if I get ransomware?

If you think you have been infected with ransomware, the first thing you should do is disconnect from the internet. This will prevent the ransomware from communicating with the attacker's server.

Next, you should try to remove the ransomware using antivirus software or a ransomware removal tool. If you are unable to remove the ransomware, you may need to restore your files from a backup.

It is important to note that paying the ransom does not guarantee that you will get your files back. In fact, paying the ransom may encourage the attackers to continue their criminal activities.

How can I report ransomware?

If you have been the victim of ransomware, you can report it to local law enforcement who will be able to sign post you further.

Conclusion

Ransomware is a serious threat that can have a devastating impact on businesses and individuals. By following the tips in this article, you can help to protect yourself from ransomware and keep your files safe.

If you do nothing else, be sure to put in place back up. Right now. I know people who have lost a lifetime of family photos, videos, and memories.

Further Reading

This government issued guide to Ransomware is a great follow up read: https://www.ncsc.gov.uk/ransomware/home

Author

Stuart Barker | Stuart is a cyber security expert, known as the ISO 27001 Ninja and author of the best-selling ISO 27001 Toolkit. He is Director at High Table the ISO 27001 Company: https://hightable.io