The recent NHS computer hack put ransomware in the spotlight, but this isn’t a new or unusual kind of malware.
All ransomware has one goal: to extort money. Most, including the WannaCry ransomware used in the NHS hack, encrypt files on the victim’s computer – what’s known as ‘encrypting ransomware’. They then demand payment to decrypt them. But this isn’t the only kind of ransomware, and all use a variety of methods to confuse and panic users into paying up.
This ransomware relies on users and organisations not backing up important data, whether it’s files with personal value, critical financial reports or sensitive information. If you don’t have a backup, there’s no way to recover the files without paying the ransom.
Like the NHS ransomware, which showed a message demanding $300 worth of Bitcoin, ransomware usually demands Bitcoin payments as they are almost untraceable by authorities. It’s one of the reasons ransomware is an increasingly popular form of attack.
Encrypting ransomware will often scramble file names and types as well, making it hard for victims to work out precisely what data has been encrypted.
According to security firm Symantec, as of June 2016 more than 90 per cent of ransomware is encrypting ransomware, and it’s increasingly popular to target businesses as well as typically vulnerable home users.
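Because scrambled names and types make it hard to tell which files were hit, a responder can triage by content instead of by extension. The following is an added example, not part of the original article: it flags files whose bytes look random and lack a recognised file header. The header list, the 7.5-bit threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# Leading "magic" bytes of a few common formats (small illustrative subset).
KNOWN_HEADERS = (
    b"%PDF",              # PDF
    b"\x89PNG",           # PNG
    b"PK\x03\x04",        # ZIP, and Office files such as .docx/.xlsx
    b"\xff\xd8\xff",      # JPEG
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for random or encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str, threshold: float = 7.5, sample: int = 65536) -> bool:
    """Flag a file whose content is near-random and has no recognised header.

    Compressed formats (ZIP, JPEG, PNG) are also high-entropy, so a valid
    header is treated as evidence that the file is still intact.
    """
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if data.startswith(KNOWN_HEADERS):
        return False
    return shannon_entropy(data) >= threshold


def triage(root: str) -> list:
    """Return the relative paths under root that look encrypted, sorted."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if looks_encrypted(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


if __name__ == "__main__" and len(sys.argv) > 1:
    for hit in triage(sys.argv[1]):
        print(hit)
```

Legitimately encrypted archives and formats outside the header list will also be flagged, so treat the output as candidates to compare against a backup, not as a verdict.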
Less sophisticated, but no less annoying, locker ransomware simply prevents users from using their machine.
This is sometimes limited to locking specific applications, such as the web browser, or constantly bombarding the user with intrusive messages or pornographic images.
Messages are often designed to mimic a known service or authority, such as the FBI, suggesting the user has broken a law for which they must pay a fine. On rare occasions, lockscreen ransomware can infect the Master Boot Record (MBR), preventing the infected machine from booting at all.
A once common form of ransomware, fake antivirus attempts to defraud users by convincing them to buy a fake program to remove infections. While still a recognised method, its use peaked around 2010 and 2011.
Should you pay the ransom?
While some users find paying the ransom will unlock their files, it’s not guaranteed. Moreover, paying can set a bad precedent, making you a target for future attacks.
In the case of WannaCry, researchers speaking to WIRED US suggested the perpetrators did a poor job of verifying payments, making it unlikely paying the ransom will result in your files being unlocked.
What can you do to avoid ransomware?
Keep your systems up to date and make sure to back up any data you don’t want to lose. Ransomware relies on people not taking precautions, but even simple ones like these should keep you safe.
In the WannaCry case, the malware used a known exploit which was patched by Microsoft. Only systems that didn’t apply the patch have been affected by the attack.