Ransomware – The malware that is holding South African companies at gunpoint
Ransomware is a type of malicious software (malware) that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.
There are different types of ransomware. However, all of them will prevent you from using your computer, server or now even mobile device. They can:
- Prevent you from accessing your operating system
- Encrypt files so you can't use them
- Stop certain apps from running (such as your web browser)
They will demand that you do something to get access to your device or files:
- Demand you pay money – normally in bitcoins
- Make you complete surveys
Often the ransomware will claim you have done something illegal and that you are being fined by a police force or government agency. These attacks can be incredibly lucrative: one researcher found that a hacker made more than $1 million in a single day off of hapless users desperate for their data back.
These claims are false. It is a scare tactic designed to make you pay the money.
Ransomware has the potential to attack the Internet of Things. In one instance, a researcher was able to infect a TV with ransomware.
Ransomware is now even attacking smartphones.
Last month, one hospital paid $17,000 in ransom when ransomware attacked its computer system. The computer network was down for more than a week, and patients had to be transferred to other hospitals.
Essential first steps
- Use a reputable antivirus solution and ensure it is up to date.
- Regularly back up your important files.
- Ensure all software is up to date, especially frequently targeted software such as Java and Acrobat Reader.
- Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
- Awareness is key: educate all users about the threat.
- Have a pop-up blocker running in your web browser.
- Show hidden file extensions.
- Filter EXEs in emails.
- Disable files running from AppData/LocalAppData folders.
- Disable Remote Desktop (RDP).
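One way to implement the "filter EXEs in emails" step above, as an added example that is not part of the original article: a small attachment scanner that blocks executables by extension (including double extensions such as invoice.pdf.exe, which hidden file extensions would disguise), by the PE "MZ" header when a file has been renamed, and inside ZIP wrappers. The sample message is constructed inline for the demonstration, and the extension list and function names are the example's own choices.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}  # run directly by Windows; a real gateway uses a fuller list

def block_reason(filename, data):
    """Return why an attachment should be blocked, or None if nothing executable was found."""
    # Check every suffix, so 'invoice.pdf.exe' is caught even when Explorer hides the last one
    for ext in ("." + p for p in (filename or "").lower().split(".")[1:]):
        if ext in EXEC_EXTENSIONS:
            return f"executable extension {ext}"
    # A Windows PE file starts with 'MZ' no matter what it has been renamed to
    if data[:2] == b"MZ":
        return "PE header (MZ) behind a harmless-looking name"
    # Recurse into ZIP archives, a common wrapper used to slip executables past extension filters
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    reason = block_reason(info.filename, zf.read(info))
                    if reason:
                        return f"archive member {info.filename}: {reason}"
        except zipfile.BadZipFile:
            return "corrupt ZIP archive"
    return None

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list the attachments a gateway should strip."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        reason = block_reason(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            blocked.append((part.get_filename(), reason))
    return blocked

def build_sample_message():
    """Constructed test message (not a real capture): one clean PDF and three disguised executables."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("statement.scr", b"MZ\x90\x00 fake screensaver")
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    samples = {"report.pdf": b"%PDF-1.4 clean document", "invoice.pdf.exe": b"MZ\x90\x00 fake PE",
               "photo.jpg": b"MZ\x90\x00 renamed PE", "statements.zip": zip_buf.getvalue()}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Running scan_message(build_sample_message()) flags the three disguised attachments and lets report.pdf through.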
Dealing with an Infection
- Disconnect from WiFi or unplug from the network immediately.
- Remove the malware with your AV vendor’s removal tools; additionally look at the list provided below.
- Use System Restore to get back to a known-clean state.
- Set the BIOS clock back.
- Decrypt the encrypted data (tools listed below).