Ransomware

What is ransomware?

Ransomware is a type of malicious software (malware) that blocks access to data or systems and demands a ransom to restore access. This is typically done by encrypting files on a computer or network so that they can no longer be read without a special decryption key, which the attacker offers for a fee - often in cryptocurrency.

There are different types of ransomware, but the most common are:

  • Encryptors: encrypt data files, making them inaccessible to the user. This is the most common and harmful form.

  • Screen lockers: block access to the computer by displaying a lock screen claiming the system is encrypted - often with a demand for payment to unlock it.

The attacker usually demands payment within a certain time limit. Otherwise, they threaten to delete the data permanently or raise the price.


How does ransomware spread?

Ransomware is often spread through:

  • Phishing emails where a user clicks on a malicious link or opens an attachment

  • Fake software updates, such as a counterfeit Adobe Flash update

  • Vulnerabilities in systems, which the attacker exploits to install ransomware without the user's knowledge

Once the system is infected, the programme typically starts encrypting files in the background. Once encryption is complete, a message pops up informing the user of the attack and demanding payment. In some cases, additional malware is also installed and remains on the system - even after payment has been made.
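
The background encryption described above leaves a measurable trace: files that held ordinary text suddenly contain near-random bytes. The following is an added example, not part of the original entry, that compares two snapshots of a folder and flags files whose byte entropy jumped; the thresholds, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
ALERT_RATIO = 0.5        # assumed: alert when half the compared files jumped

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compare_snapshots(before: dict, after: dict) -> dict:
    """Flag files whose content went from low to near-random entropy."""
    common = sorted(set(before) & set(after))
    jumped = [
        name for name in common
        if shannon_entropy(before[name]) < ENTROPY_THRESHOLD
        and shannon_entropy(after[name]) >= ENTROPY_THRESHOLD
    ]
    ratio = len(jumped) / len(common) if common else 0.0
    return {"jumped": jumped, "ratio": ratio, "alert": ratio >= ALERT_RATIO}

def noise(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample data: two text files and one already-compressed image.
BEFORE = {
    "invoice.txt": b"Invoice 1001: 3 licences, total 450 EUR\n" * 100,
    "notes.txt": b"Meeting notes: patch servers on Friday\n" * 100,
    "photo.jpg": noise(b"jpeg"),  # compressed formats are high-entropy anyway
}
AFTER = {
    "invoice.txt": noise(b"a"),   # content replaced by ciphertext-like bytes
    "notes.txt": noise(b"b"),
    "photo.jpg": BEFORE["photo.jpg"],  # unchanged, so it must not be flagged
}

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER))
```

Comparing against an earlier snapshot, rather than measuring entropy once, keeps compressed formats such as images and archives from being reported as encrypted.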

 

Is it safe to pay the ransom?

There is no guarantee that data will be recovered even if the ransom is paid. Many security experts therefore recommend not paying the ransom - both because it funds criminal activity and because it doesn't necessarily solve the problem. Instead, have backups and recovery plans in place so you can restore systems without surrendering to the demands.

 

Known examples of ransomware

  • WannaCry
    Spread rapidly worldwide in 2017 by exploiting a vulnerability in Microsoft Windows. More than 250,000 systems were affected before a kill switch stopped the attack.

  • CryptoLocker
    One of the earliest forms of ransomware that demanded payment in Bitcoin. Spread via fake emails posing as shipping companies like FedEx and UPS. Caused huge financial losses before a decryption tool was released.

  • NotPetya
    Originally disguised as ransomware, but actually designed as a wiper that permanently destroys data. It affected businesses globally and used the same vulnerability as WannaCry to spread.

  • Bad Rabbit
    Similar to NotPetya in operation but actually allowed decryption if the ransom was paid. Spread primarily through fake Flash Player updates.

 

How do you protect yourself against ransomware?

To minimise the risk of ransomware, it is important to:

  • Keep antivirus software and the operating system up to date

  • Train employees to recognise phishing

  • Use backup solutions and ensure data is regularly stored offline

  • Implement security tools such as firewalls and email filtering

  • Minimise access to sensitive data and systems through rights management
