Skip to main content

Ransomware: What It Is and How to Avoid It

Ransomware is a type of malware (short for malicious software) that infects a computer by encrypting all the files contained in it, so that the victimized person can no longer access the files. It threatens to publish the victim's personal data or perpetually block access to the files unless a ransom is paid. 

When not checked immediately, ransomware will attempt to spread to connected computers.

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. It also happens when the user clicks on a link in the email message and follows further instructions.

Ransomware also occurs when the user downloads and installs a pirated software application.

 

What to do when victimized by ransomware

  1. Turn off the infected computer (IC) immediately.
  2. Isolate the IC from other computers connected (CC) to it via a network.
  3. Clean up each CC of pirated software. If it runs on Windows, use the Windows Security feature to protect the computer.
  4. Follow the tips in the section below.

How to avoid ransomware

  1. Always make backup copies of your computer data.
  2. Make sure that the backups work and are stored separately.
  3. Always keep your operating system up-to-date. For Windows, open "Check for updates" and update your system when you're advised to. For Mac, just follow the notification about the need to update the system.
  4. Always keep your web browsers (Firefox, Chrome, Safari, Edge, etc.) and computer applications up-to-date.
  5. Study with caution any link in email messages that you receive. Hover on a link and verify whether the URL is legitimate or not.
  6. Open email attachments with caution.
  7. Use legitimate software.
  8. Verify email senders. Did they use legitimate email addresses? Do the email's subject and message look suspicious?
  9. Promote security awareness in your office.
    • Update your passwords regularly (at least twice a year).
    • Protect your online accounts.
    • Protect your passwords even from office mates.
    • Always lock your computer when going out of your station.
    • Log out of a computer or application when you are no longer using it.

 

Remember, prevention is better than cure. Be vigilant. Think before you click and download.

 

References:

1. https://en.wikipedia.org/wiki/Ransomware
2. Slides by Dr. Richard Bryann Chua