Ransomware is a form of malware that provides criminals with the ability to lock a computer from a remote location – then display a pop-up window informing the owner or user that it will not be unlocked until a sum of money is paid. Recent well-publicised examples are CryptoLocker, Cryptowall and WannaCry (and variants of these under different names.
Get Safe Online’s top tips…
- If you have been affected by the WannaCry ransomware attack, get NCSC advice here (small businesses) or here (enterprise administrators).
- Ensure you have reputable and appropriate internet security software loaded, updated and switched on at all times on all connected devices.
- Exercise caution about opening attachments or clicking on links in emails, and visiting unfamiliar websites.
- Establish and enforce strict backup protocols.
In some cases, the only usable part of the computer is the number keypad to enter a PIN to enable payment to the criminals. An additional twist is that an accusation of illegal activity or a pornographic image may sometimes appear on the locked screen, making it more difficult through embarrassment for some users to seek help from anybody else, and simply resort to paying the ransom.
Your computers could be infected by ransomware when you or colleagues inadvertently:
- Open a malicious attachment in an email.
- Click on a malicious link in an email, instant message, social networking site or other website.
- Visit a corrupt website.
- Open infected files from web-based digital file delivery websites, for example HighTail (formerly YouSendIt) or Dropbox).
- Open corrupt macros in application documents (word processing, spreadsheets etc).
- Connect corrupt USB connected devices (eg memory sticks, external hard drives, MP3 players).
- Insert corrupt CDs/DVDs into computers.
- Not being able to access any files or functions on infected computers ever again.
- Still not being allowed access to your files or functions, even when you have paid the ransom.
- Do not reply to, or click on links contained in, unsolicited or spam emails from companies or individuals you do not recognise.
- Visit only websites you know to be reputable.
- Always install updates to software and apps – including operating systems – as soon as prompted.
- Ensure you have effective and updated internet security software and firewall running before going online.
- Perform regular, automatic backups, preferably online to facilities that meet the security needs of your organisation and enable fast, easy access to backed up data.
If you have ransomware on your computers
- To detect and remove ransomware and other malicious software that may be installed on computers, run a full system scan with an appropriate, up-to-date, security solution.
- If any computers have been locked by ransomware, seek professional advice from a trustworthy source. Even then, it is possible that you may never be able to access your files again.