What is it?
Ransomware is malware used by attackers that restrict access to data by encrypting files and/or locking computer screens. The attacker’s objective is to extort money from victims by asking for “ransom” in exchange for the data. Usually, users are required to pay in form of Bitcoin, which is a digital currency. The most known versions of this virus are WannaCrypt (also known as WannaCry), and Petya (also referred to as NotPetya).
How is it spread?
The weapon of choice for malignant cyber actors (hackers) is a social engineering attack called Phishing. A user will open an unsolicited email and click on a link that facilitates the download of the virus thus infecting the host (computer). Another way that a host can be compromised is by visiting compromised/malicious websites.
Who created it?
No one knows exactly who created this virus but on Monday, December 18th, 2017, White House homeland security adviser Tom Bossert said the United States believes North Korea was behind the “WannaCry” cyberattack in early 2017.
What can you do if your computer is infected?
- Pay the ransom and hope that the attackers follow through on their promise.
- Search for a ransomware decryptor paired with the ransomware flavor/version that is holding your data hostage.
- Forget about your data because, with the technology that is currently available, it’s almost impossible to recover your files (…that is until Quantum Computing goes mainstream).
What can I do to prevent it?
Fully understand how Phishing attacks work and how to avoid them. Here’s a clue… “Be careful with the links you click on.” On that note, here is a link to click on with additional information on Phishing: https://staysafeonline.org/theft-fraud-cybercrime/spam-and-phishing/
Another measure you’ll want to take is making sure you practice healthy Cyber Hygiene. Pay special attention to your data backup habits. If your data happens to be taken hostage or is corrupted but you have an up-to-date backup, you need not worry. The backup media you use should only be connected to the computer while the backup procedure is in process. Once the process is complete, disconnect it from the computer and keep it in safe storage.
