Here’s what you need to know about this particularly awful form of malware
What is ransomware?
We’ve all seen the movies where somebody – the cliché is that they’re a damsel in distress, make of that what you will – gets kidnapped, and the hero has to step in on a roaring rampage of revenge to get them back… or more simply pay a ransom if they’re not the rampaging type. Hollywood doesn’t tend to go for the latter scenario, because it’s far less dramatic.
The odds are exceptionally high that this scenario won’t happen to you – but what could well happen to you is that you fall victim to the tech industry’s version of a software-led ransom demand, via malware most commonly referred to as “Ransomware”.
What is ransomware?
Ransomware refers to malware – unwanted programs lurking on your computer or other devices – that typically uses encryption to lock down your device or your data so that it becomes unusable or inaccessible to you. At that point you’re presented with a ransom demand to get access to your device or data back.
The severity and impact of ransomware can vary depending on the precise nature of the attack. In some cases it may just lock some data (your documents folder, say) behind strong encryption, while other ransomware variants directly attack the underlying hardware in your computer or device to stop it working at all.
Ransomware works on a pressure principle – you just want to get back to work or get your personal data such as photos or documents back – and that’s often magnified by presenting you not only with a demand for payment, but also a timer that ticks down, promising to destroy or permanently encrypt your files if payment is not made.
Where a lot of early malware and viruses were more simply destructive or anarchic, ransomware has grown massively in popularity online – among criminals, that is; no regular person is a fan – because it represents a potentially very profitable way to monetise malware by demanding a ransom in return for access to your own data or computer.
Ransomware is more typically targeted at larger enterprise businesses, because they’re often more lucrative targets for criminals, but that doesn’t mean everyday consumers can’t be hit by ransomware. Your own ability to pay might be less, but the impact on you would be the same in terms of access to your files.
How does ransomware get on computers?
There are a couple of different ways that ransomware can end up on a computer or computer system. In some cases, ransomware may arrive as a file you’re encouraged to install after clicking on a link, or as an application you download thinking it’s 100% on the level.
Most modern operating systems will check with you before installing unknown applications, but if you blithely click through and assume that that “free” copy of Adobe Ph0toshoPp is legit, then you’re almost certainly going to end up with issues.
Other ransomware vectors include installations that take advantage of unpatched flaws in operating systems, whether because you haven’t updated, or in some cases because there’s a security vulnerability that the software vendor hasn’t yet resolved (a so-called “Zero Day” attack if it’s a flaw the vendor doesn’t know about). In those cases, clicking on a specially crafted link, or simply receiving a message into a vulnerable system, may be enough to trigger a ransomware installation.
Should I pay a ransomware demand?
No. The advice here from the Australian Signals Directorate is that you should never pay a ransom – and it’s not hard to see why that’s the advice, even though it might seem like the simplest way to get your files or computer back.
The reasoning is straightforward. Paying simply signals to the online criminals that you have the means and a willingness to pay, so while they will certainly accept your money – typically cryptocurrency, as it’s much harder to recover – there’s essentially no incentive for them to actually restore your access, and every reason to ask for more money from you. It could also lead to further attacks, given you’ve shown you’re already willing to pay.
What should I do if I’m hit by ransomware?
Seek professional help, because the solutions aren’t simple and are somewhat beyond the scope of this article. However, in broad terms, if you fire up your computer or device and you’re met with a ransomware demand, or you discover that files on your device are becoming encrypted without your doing so, there are some basic steps that you should undertake.
- Take notes of what’s happening: This can help when engaging professionals, who may be able to more readily understand what kind of ransomware it is and whether there are mitigating steps that might assist you, as well as giving details to the relevant authorities – in the case of Australian users that would be the Australian Signals Directorate’s ReportCyber site.
- Switch off the affected device: You may be able to recover some files, data or access if it hasn’t been fully encrypted or locked away – and this will also help stop the ransomware spreading to other devices on your network.
- Disconnect other devices on your network: Ransomware typically loves to spread across networks, because the ransom you can get from multiple computers – or an entire business system – is likely to be larger than what you could get from just one compromised PC. If you can save the files on those other systems, you’re going to be in a better position overall.
- Change passwords on any systems in that network: Along with encryption functions, a lot of ransomware also includes functions to try to sniff out passwords; in some cases that might enable the ransomware to spread to more machines, but in others it can be to allow access to other accounts, including bank accounts.
How can I protect myself against ransomware?
Security in the IT age is always a cat and mouse game, and sadly, we’re all the mice in that scenario. So while nothing is ever 100% secure, there are some smart steps you can take to try to reduce the risk of a ransomware infection.
- Don’t click on dodgy links or install unknown applications: Ransomware has to get into your system to be effective, and it can quite commonly get there via apps you install yourself. So be extra sure when installing any new software that it’s come from a legitimate source.
- Be wary of scams, especially impersonation scams: Did your Aunt Betty just message you about an amazing new funny app that you MUST install right now? That’s odd, given she passed away in 2004, isn’t it? OK, that’s an extreme example (sorry Betty!), but it does demonstrate another way you can fall victim to ransomware. If you’re getting files or apps from colleagues or personal friends, be wary, especially if their messages seem either to be out of character or have some kind of urgency to them. Think twice, because if their systems or accounts have been hijacked, they could be used to spread ransomware.
- Keep your systems as up to date and secure as possible: Software updates are a reality of modern IT, and many of us put them off because we’re busy using our computers and devices and don’t really want the downtime to impact us on a daily basis. However, while new updates are often lauded for the new features that they bring, they’re typically also packed with security updates that fix critical vulnerabilities that ransomware takes advantage of. No system is ever 100% secure, but an unpatched (or underpatched) system is one that’s particularly ripe for attack.
- Backup, backup, backup: Backing up your files is boring, we know. It really is. However, if ransomware strikes and your computer is locked down with your entire business behind it, you’re suddenly going to want to marry the backup drive that you installed, because it could be a literal lifesaver for your productivity. It is worth ensuring where possible that you have backups in more than one location – for example a local drive and a secure online cloud location – because some ransomware is savvy to this approach and will try to specifically attack and encrypt storage devices on your networks to bypass your backups.
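As an added example that is not part of the original article, here is a small Python check a defender could run over a documents folder, or over a backup copy, to spot the "files becoming encrypted" symptom described under what to do if you're hit, and to confirm that a backup location hasn't itself been encrypted as warned above. It flags files renamed with an assumed ransom suffix, or whose contents have the near-random byte distribution that encrypted data has; the demo folder, the suffixes and the entropy threshold are all assumptions made for this example.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions for this demo (not from the article): encrypted data has close to
# 8 bits of entropy per byte, and renamed files carry one of these suffixes.
HIGH_ENTROPY_BITS = 7.5
SUSPECT_SUFFIXES = (".locked", ".encrypted")   # hypothetical ransom suffixes

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def scan_for_encryption(folder: str, min_size: int = 256) -> dict:
    """Walk a folder and return {'total': n, 'suspect': [paths that look encrypted]}.

    Caveat: already-compressed formats (JPEG, ZIP, MP4) are also near 8 bits per
    byte, so on real data the entropy test alone will raise false positives.
    """
    total, suspect = 0, []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            total += 1
            with open(path, "rb") as fh:
                head = fh.read(4096)       # the first 4 KiB is enough to judge
            if len(head) < min_size:
                continue                   # too small for entropy to mean much
            if name.endswith(SUSPECT_SUFFIXES) or shannon_entropy(head) >= HIGH_ENTROPY_BITS:
                suspect.append(path)
    return {"total": total, "suspect": sorted(suspect)}

def build_demo_folder() -> str:
    """Constructed sample: three readable notes plus two files overwritten with
    random bytes and renamed, standing in for ransomware output."""
    folder = tempfile.mkdtemp(prefix="ransom-demo-")
    for i in range(3):
        with open(os.path.join(folder, f"note{i}.txt"), "w") as fh:
            fh.write(f"Quarterly report draft, revision {i}.\n" * 40)
    for i in range(2):
        with open(os.path.join(folder, f"photo{i}.jpg.locked"), "wb") as fh:
            fh.write(os.urandom(4096))
    return folder
```

Running `scan_for_encryption(build_demo_folder())` reports the two random-byte files as suspect and leaves the plain-text notes alone; a sudden jump in the suspect count across a folder you didn't touch is the signal to switch the device off and disconnect the rest of the network.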