What is ransomware?
Ransomware is a malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them
What does ransomware do?
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.
Ransomware can: Prevent you from accessing Windows. Encrypt files so you can’t use them. Stop certain apps from running (like your web browser). Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files.
We have also seen them make you complete surveys. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
Is my computer at risk?
It depends. The WannaCry virus only infects machines running Windows. If you do not update Windows and do not take care when opening and reading emails then you could be at risk.
You can protect yourself by running updates, using firewalls and anti-virus software and by being wary when reading emailed messages. It might also be worth taking a back up of key data so you can restore without having to pay up should you be infected.
Can these infections be stopped?
Not really. However, organisations can, and do, work hard to protect themselves. They set up firewalls, install anti-virus programs, apply file filters, run intrusion detection and regularly update software to keep malware and hackers out.
However, no protection can ever be 100% perfect. Why? Because organisations are run by people and they make mistakes. Recognising this, many cyber thieves now rely on tricking insiders into opening booby-trapped attachments or links in emails to start off an infection – a practice known as phishing.
And then there are the billions of login names and passwords stolen and shared by hackers over the last few years. Some cyber gangs now comb through these to find credentials from organisations they want to target. That lets them log in as if they were an employee and start their attack from the inside.
In this case, a patch to close the bug has been available since 14 March but many organisations have clearly failed to apply it in time.