Ransomware is a type of malicious software – often referred to as ‘malware’ – that is designed to deny access to your files or your computer system until a ransom is paid.
While the rate of ransomware attacks declined in Australia in 2022, of the organisations surveyed the number was still as high as 70% reporting that they were a victim to ransomware (Source: Sophos State of Ransomware 2023).
Because July is Ransomware Awareness month, we’ve put together a list of the most frequently asked questions about ransomware, and their answers:
How does ransomware infect a computer or network?
In most cases, ransomware is unknowingly let loose on a computer or network through user error. It can be spread through phishing emails that contain malicious attachments, portable computers, exposure to public WiFi, and ‘drive-by downloading’.
Drive-by downloading happens when a user visits a compromised website, malware is then downloaded and installed without their knowledge.
What happens when a computer is infected with ransomware?
When a computer is infected with ransomware, the malware will encrypt files on the system, or may even lock the entire system, thereby preventing users from accessing their files or even using the computer. A ransom note is usually then displayed, instructing the users to pay a ransom to regain access to their files or their system.
The ransom payment is typically requested by BitCoin crypto-currency, so if you do decide to pay the ransom (we strongly recommend you DON’T) then you have the added hassle of purchasing this as well.
An example notice can be seen here from the WannaCry ransomware computer worm that was released in 2017:
Source: Upguard.com
How can I protect my computer or network from ransomware?
Your first line of defence when it comes to ransomware is education and training for all employees. While you might have excellent technology and stringent policies in place, phishing emails often bypass these measures and land directly in the inboxes of your team.
Some other measures you can take include:
- Regularly back up your important files and keep the backups offline or in a separate location.
- Keep your operating system and software up to date with the latest security patches.
- Use reliable antivirus and anti-malware software and keep it updated.
- Exercise caution with email attachments, links, and downloads – particularly from unknown sources.
- Enable pop-up blockers in your web browsers.
- Implement strong and unique passwords, and enable multi-factor authentication on every platform possible – from your emails, to social media channels, to any software used within the business.
Is it possible to recover files encrypted by ransomware without paying the ransom?
The first question we get when people have been impacted by ransomware is ‘Should I pay the ransom if my computer is infected with ransomware?’
In some cases, it may be possible to recover files without paying the ransom but it depends on various factors. Not all ransomware attacks are the same unfortunately, and there is no guarantee of complete recovery.
Your best bet is having daily backups of your files, so that you can revert to these and minimise downtime.
Paying the ransom simply contributes to the problem, so as noted above, we strongly recommend you don’t pay the ransom, and have adequate backups in place instead.
Can ransomware affect mobile devices?
There’s a common misconception out there that ransomware can’t affect mobile devices, namely the iPhone, and this simply untrue.
Although less common than the incidence of ransomware attacks on laptops, PCs, or computer networks, smartphone users still need to exercise a degree of caution when opening emails from unknown sources, opening files or attachments, clicking links, or visiting websites.
Ransomware attacks cost Australian businesses millions of dollars every single year. Don’t be lulled into a false sense of security thinking “It won’t happen to me”, or “I’m just a small Australian business” – cyber criminals don’t discriminate.
If you’d like help with business continuity and backups, cyber security, or staff training, the Calvert team are here to assist. You can fill in our contact form, or give us a call on (08) 7325 5000.
