Ransomware 101

Next story
Olivia Storey

Ransomware, it is everywhere and everybody is a target. ESET IT Security Specialist, Mark James, explains how we can stay safe.


How does Ransomware attack?

Ransomware is one of the worst forms of malware. Once your machine is compromised, two significant things happen; first, the malware will start to encrypt as many files as possible.

In its simplest form this will convert the files from a readable to unreadable format, then some kind of notification is shown to the user that the encryption has happened and you will need to pay a ransom to get your files back.

The usual process is you are required to pay a ransom in bitcoins (digital currency) to usually gain a code, enter the code to prove you have paid then the software will, if you’re lucky, decrypt your files.  


Some organisations were not prepared for a cyberattack like this, but what happens when this happens?

All or most of your files are encrypted; this essentially means they are wrapped in a protective programme to stop you or anyone else accessing them.

It’s like a lock box. The files are still inside, but unless you have the key to unlock them, you cannot access them at all.

Ransomware can be a truly devastating piece of malware to hit your business; it has no morals, and it neither cares if you provide a product, service or just information.

What it does do is cause mayhem, worry and concern.

Usually the only fail proof way of getting your data back is through backup and disaster recovery, but it’s not just whether you pay up or not, it’s the inconvenience your users suffer as a result.

Restoring data can take hours, if not days, depending on the systems and the actual malware has to be completely eradicated from your network or it’s just going to start all over again.


What is the best way to prepare for potential attacks like this?

There is only one sure-fire way of protecting against a ransomware attack, and that is backup.

You need a good point-in-time backup at regular intervals stored offline and off premise, that way if you get compromised it’s just a case of restoring from backup, once you have dealt with the initial malware infection.

Paying the ransom is never a good idea.

If you do, you will definitely lose your money and will not always get the encryption keys. You are funding their future criminal activity and if it does not work, you will NOT get a refund.

Also, ensure your operating systems and applications are updated and ensure you have a good multi-layered regularly updating internet security product.


Have you ever been the victim of ransomware? How did you react? Let us know on Twitter @ESETUK.


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.