What is ransomware?
Ransomware is a type of malicious computer program. Any operating system could be affected, but there are over 1bn Windows PCs in use around the world and malware authors usually go for the biggest target.
When ransomware gets onto a computer it might encrypt files so they cannot be accessed, it may prevent Windows from starting, it might block certain programs, such as those that could be used to remove it.
Ransomware demands payment to restore your computer back the way it was.
Preventing you from accessing your computer or files is one way it do this. It might also tell you that you have been engaging in illegal activities on the computer, or use some other made up story to try to convince you to pay the ransom.
The recent global attack that has occurred is one of the worst that many people can remember and it has had far reaching effects.
For example, many NHS hospitals (the UK public healthcare system) were infected and the systems had to be shut down. This meant that patients needing treatment could not be admitted. Anything that wasn’t an emergency had to be cancelled because doctors could not access the computer systems on which they rely.
This was not just an attack on UK hospitals and more than 1,000 computer systems in Russia were affected (that they admitted to), FedEx in the United States was hit, and thousands more companies in the US and around the world were caught up in it.
It was not just an attack on companies and many individuals and home users could be infected too.
"The nature of the attack is related to a strain of ransomware called 'Wana Decrypt0r 2.0'. As the news unfolded, reports revealed the NHS was not the only organization to have been victims of the attack – other organizations around the world were also victims of the Wana Decrypt0r 2.0 attack too." Paul Norris, Senior Systems Engineer at Tripwire
It is one of the worst malware attacks in the last decade and for those infected it will cost around $300 to get your PC working again. That’s if the people behind the ransomware uphold their end of the bargain, and there is no guarantee they will do that.
You could pay the ransom and get nothing, which is even worse.
How do you get ransomware?
How does a PC become infected with malware? There are several ways this can happen, such as:
An email with an infected attachment. The message might look like it is from someone you know, it may contain a message urging you to open the attachment. Don't!
A hacked website could automatically download the malware when you visit it. A hacked site may try to trick you into downloading and running malware by making up a story about how your PC has errors that need to be checked, or that you need to install a plugin to view content on the site. You might see a fake FBI or police notice - anything to get you to download and run the malware.
Malware might be on an portable disk drive or USB flash drive - thumb drive. When it is plugged into a computer, the malware is transferred.
Malware might be contained in software downloads. Instead of purchasing software, people try to save money by downloading cracked or pirated software from dodgy websites. Malware authors hide their software in these dodgy downloads. Avoid them.
What can you do to avoid ransomware?
Early reports suggest that this particular ransomware outbreak used a known flaw in Windows to get into computers. However, it is a flaw that Microsoft patched months ago. (There are additional WannaCrypt updates from Microsoft here.)
One of the best ways to stay safe and avoid malware is to keep Windows up to date. In Windows 10 open the Settings app and click Update & security.
In Windows 7 open the Control Panel and click Windows Update.
You can manually check for updates at any time, but more importantly, Windows can be set to automatically update. In Windows 10 under the Update settings section, click Advanced options.
Tick the box, Give me updates for other Microsoft products.when I update Windows. Tick the option below to automatically finish setting up.
In Windows 7, click Change settings in Windows Update. Select the automatic updates option.
One of the reasons this ransomware spread so fast is because there are so many PCs running Windows that is not up to date.
Updating Windows takes time and effort as you are probably aware, and sometimes it causes problems. In a company with hundreds or even thousands of computers, it becomes a huge task updating them all.
Updating gets put off because it costs too much time, effort and money. However, they have to balance this against the cost of fixing things like this ransomware attack.
Do not pause Windows updates!
It is possible to put off Windows updates by setting the Wi-Fi connection as metered. Do not do this for your main work or home Wi-Fi. Windows needs regular updates to keep you safe.
To check the connection is not metered, in Windows 10 open Settings and click Network & Internet. Click the network connection and under Metered connection, turn the switch off.
Take the online course: Windows 10 Security Guide
Install and update security software
Security software is essential and it should be up to date. Windows 10 with Windows Defender is a pretty good combination and when both are up to date they offer good protection.
Make sure you check for problems and warnings by letting the mouse hover over the icon in the taskbar. Here’s a problem that needs to be fixed and it is a reminder that the computer needs to be scanned for malware.
Third party security software is popular and some tools provide great security. Here are some of the most popular free security programs:
- AVG Antivirus Free
- Avira Free Security Suite 2017
- Avast Free Antivirus
- Panda Free Antivirus
- Bitdefender Antivirus Free
With all security tools there are quick and full scans. A quick scan only looks in the most obvious places on the disk for malware. It could miss malware lurking elsewhere on the PC, so perform a full scan once a week just to be extra safe.
How you select quick and full scans is different in each program, but it is usually fairly obvious.
Malware cleanup tools
If your computer is infected by malware, what can you do? It depends on the type of malware, but if you can start the PC and get to the Windows desktop, use a cleanup tool.
These contain a malware scanning and detection engines, and the ability to remove infections. Basically they are antivirus/spyware tools without the real-time protection.
You should keep at least one up-to-date cleanup tool on your computer just in case it becomes infected, or keep one on a USB drive or thumb drive.
There are many free cleanup tools. Take your pick: 9 free malware cleanup tools for Windows PCs to remove adware, spyware, viruses.
A popular choice of cleanup tool and malware protection is Malwarebytes Antimalware. It can also be used as your main security software and the full program has real-time protection. See Malwarebytes 3 – more than a cleanup tool, it now replaces antivirus.
Make sure you have a backup of the files on the disk drive on an external drive. Unplug the drive when it is not backing up because it is possible for malware to encrypt the files on the PC’s disk and on the backup disk.
Make sure Windows is up to date and that security software is up to date. Regularly scan the disk for malware.
Beware of email attachments and sites that download files to the computer. Do not open them.