The Ransomware Wave Ravaging Irish SMEs

16 Question Guide to Ransomware

What is ransomware?

It’s malicious software that gets into your PC and locks (or encrypts) all of your files. It then tells you that unless you pay a ransom, the files will be permanently deleted.

How much are we talking about?

It’s usually in the region of €300 to €400, but can be up into the thousands.

One hospital in the US recently paid out €15,000 to recover patients’ files.

The bigger the known target, the bigger the ransom likely to be demanded.

How is the ransom paid?

The standard method of payment now appears to be in virtual currencies, such as Bitcoin, as they are much more difficult to trace.

What if you don’t know how to make a Bitcoin payment?

You’ll be one of the 99pc of ordinary people.

The attackers know this and some operate almost consumer-level helpdesk services to assist in the payment.

There are even reports of call centre services to talk a payee through.

What happens if you don’t pay?

Your files are permanently deleted.

Is there any way to beat it without paying?

There appear to be scant examples of anyone decrypting ransomware files without the correct key.

Why is an encrypted file so unbreakable anyway?

Because it’s a level of security that is designed to thwart would-be snoops or hackers, even those using the most powerful of computers.

For example, it would take years to crack an encrypted file using today’s best code-breaking techniques and algorithms.

(This is one reason why there is so much tension between Apple and various security agencies.

Neither the FBI nor the British secret services can easily break Apple’s encryption, even with their vast resources).

How do I guard against this in the first place?

Don’t open attachments you’re not expecting or which are from sources you don’t know.

Also, make sure you have up-to-date backups of your files.

This way, even if the worst happens, you can simply restore your files from the backups.

So if you do pay up, what do you get in return?

You get a decryption key, usually in the form of a long string of letters, numbers and other characters.

How do you know you’ll get the decryption key if you pay?

Because it’s in their interest.

If they don’t give up the key, others will know there’s no point in paying.

How does it get onto my machine in the first place?

It can be triggered by clicking on the active link in a hoax email (like other forms of computer viruses) or can sneak in if you’re downloading exotic types of software.

What sort of examples should I be looking out for?

In the case of one common variant, “Locky”, you receive an email with an attached document.

When opened, the document looks garbled, like a collection of numbers and letters.

It advises you to “enable macros” if the “data encoding is incorrect.” If you do that, you can get caught.

Is it just Windows PCs or can other devices be affected too?

While Windows PCs still make up the vast bulk of machines affected by ransomware (and malware in general), other devices have been proven to be vulnerable.

Earlier this week, Apple Macs got their first taste of active ransomware via KeRanger, which was able to sneak onto Macs through a piece of torrent software from Transmission.

There have also been some reports of ransomware (such as Lockdroid) knocking on the door of Android phone and tablet owners.

So what do you do if you get hit?

The key is to have backed up your files online or on an external device, such as a hard drive. If you have recent (and comprehensive) backups, you can take the hit on your files being erased and then simply replace them from the backups.

This is what most businesses affected say they do.

The downside is time; even if you have backups, it can take a day or more to put things back together, knocking your systems offline for a while.

Should I call the guards?

Yes, so that they can log the incident. But don’t expect any help or guidance.

Are Irish people or companies being affected?

Absolutely, from government departments to hospitals to small businesses to ordinary personal computer users.

This newspaper has been contacted by several companies and private citizens in recent weeks about having been hit by ransomware.

The Government itself has confirmed that individual departments have been hit, although it denies that any money has been paid out.

Article originally posted on the Independent