Articles by the cybersecurity community

#ransomware - protect yourselves

Ransomware is a type of malware that is designed, in very general terms, to deny you access to your computer and files by either locking or encrypting them. The malware includes a pop-up screen with instructions on how to pay the ransom to have the files unlocked or decrypted.

There are currently two main types of ransomware: locker and crypto. Locker ransomware aims to lock you out of your computer and its functions, but the malware permits some access so you can interact with the ransom message. This type of malware does not usually destroy your files; it is aimed mainly at locking you out. Crypto ransomware, however, is used to encrypt your files, meaning that while your computer still functions you are unable to open any of your files. Ransomware is evolving, and some cybercrime campaigns of this type now include data exfiltration.

The main mechanisms of ransomware infection tend to be malicious attachments in emails, drive-by downloads from compromised websites, or malware in advertising (i.e. malvertising).

While ransomware may be targeted at businesses or organisations that criminals believe will or can afford to pay the ransom, individuals and small businesses can also be impacted by this type of cybercrime.

Prevention

This list is not exhaustive; however, it does provide some easy ways to help prevent your computer and files from being compromised by ransomware, or to provide a backup if they are.
  • Ensure you keep up-to-date offline backups of your important files and configurations
  • Take care not to open attachments that prompt you to run macros to view
  • Do not click on links in unsolicited emails
  • Keep your operating system and software patched
  • Use only official, legitimate sources to download software

For ransomware incident response ideas, please see the post on this page: https://demystifycyber.blogspot.com/2021/05/ransomware-brief-guide-to-response.html