What is Ransomware?
Recently there has been a spate of ransomware releases affecting both the Mac and Windows Operating Systems. This type of attack comes in the form of malicious code that functions much like a virus. However, there is an additional component in which the data found on your computer is also encrypted. The owner of the computer is then notified of such actions, and their data is held hostage for a ransom to be paid to decrypt the information.
The reason for the uptrend in ransomware is that it creates potential instant cash flow for the hackers of the attack in the form of the removal service they solicit payment.
It makes ransomware one of the more dramatic forms of cyber attacks but is not the only component of such an attack. Usually, it is also coupled with keyloggers and methods to steal data for identity theft. Additionally, some will attempt to spread to other computers using yours as a host. Different versions of ransomware will also give the hacker full remote access of your computer.
How to prevent Ransomware attack
As the data is encrypted recovery while is possible is unlikely. With all this in mind, prevention is always better than the cure. Here are five measures you can take to help reduce the risk and damage of ransomware.
- Back up your data, preferably off the computer such as an external storage device. Lost of any data is restored then after the removal of any malicious code.
- Use a reputable antivirus.
- Keep your OS up to date.
- Keep up to date with current delivery methods of any potential ransomware.
- Consider keeping sensitive financial data on an air-gapped device. Examples include cryptocurrency wallets, bank and credit card details.
Currently, there is a ransomware that has been released called TheifQuest or EvilQuest. It targets Mac OS and uses update patches of apps to allow it to be delivered to the computer via Appstore updates. Another delivery method of this new ransomware is to be embedded into pirated copies of security software that the would-be user would download and install.
More typical methods of delivery include suspicious emails and torrents.
While no antivirus can offer 100% protection, using a reputable antivirus can help detect and remove any potential threats before they are activated.
What to do if you are infected with Ransomware?
If you are attacked, the type of attack will determine the extent of the damage. But most times, the safest method is to reformat the hard drive. However, some attacks can target vulnerabilities in other hardware components. Intel has had a history of a few exploits in their CPUs for a few generations, that seems to have been rectified in current generation CPUs. Luckily this vulnerability would require local access to the computer. But theoretically, if a computer is infected with malicious code, a computer can be destroyed.
Repair of data is sometimes possible, depending on the level of encryption. Recover-ability can only be assessed individually due to the complex nature of the attack. We can help evaluate and potentially repair damage from ransomware or other cyber attacks. If you have queries or concerns feel free to call us on 1300 883 831 and we can help address your security concerns.