NotPetya is the latest ransomware to hit the headlines and has been working its way through Microsoft networks, encrypting files and generally being a real nuisance. We've got the ransomware myths and facts to help you stay protected.
Wait, what's ransomware again?
Ransomware is malware that worms its way on to your computer, encrypts your files and demands Bitcoin to give you them back. It usually gets onto a computer or network by a stealth download, a drive-by download or after someone clicks an infected advert - although it can also come through a link in an email. You're more likely to come across ransomware if you use suspicious sites or dodgy downloads.
Myth #1 - Apple computers can't get infected
This statement is unequivocally and undeniably false. Apple computers are no more or less likely to be a target of ransomware than PCs. Although the most recent global attacks have exploited a Microsoft weakness, there are plenty of attacks that have targeted Apple Macs.
Myth #2 - If you store your files in the cloud, they won't be infected
Cloud can be infected and encrypted just as easily as local storage. If you can access your cloud storage from your computer, without entering a username and a password, so can any ransomware that finds its way onto your machine.
Myth #3 - Once you pay the ransom, your files will be decrypted
This one comes straight from the perpetrators, 'Give us some money, and we'll decrypt your files'. The decryption key deciphers the encryption, making your files accessible again. But there is no guarantee that once you've paid the ransom, your files will be decrypted. The hackers could ask for more money, or never send you the decryption key at all.
In the case of NotPetya the email address the perpetrator used for the attack was quickly closed down, meaning that even if you paid the ransom there was no way of getting the decryption code in return.
How can I stay protected?
There are some really simple ways you can stay protected against this kind of hack - without throwing all your internet connected devices into the sea, and returning to pen and paper.
Turn on automatic updates
Keeping your device updated is absolutely necessary to keep yourself protected against these types of attacks. Both WannaCry and NotPetya used a vulnerability in an older version of Windows to access devices; they targeted machines running old systems, which hadn't been updated. Waiting for your computer to update may be dull, but its the best way to keep your device secure.
Install anti-virus software - and use it!
Anti-virus is a must. For businesses, it's worth consulting with your IT support team to find something that meets your requirements for a reasonable cost. If you're going it alone, we'd recommend F-Secure. For personal users, we'd recommend Sophos; it's free and has a good selection of features.
Backup, backup, backup
For businesses, its really important that you have a data backup, and a disaster recovery plan. This needs to be offsite, in a location which isn't connected virtually or physically to your devices and machines. It's also worth ensuring that all staff know how to recognise phishing emails, and understand acceptable internet usage and downloads on work computers and laptops.
For personal users, purchase a separate hard drive and make a copy of all your important files, photos, music and videos. Update it regularly, so if something does go wrong you're prepared. If you are worried you've downloaded some malware or ransomware, have it checked over by an IT specialist before restoring your files - just to make sure it's definitely gone from your machine.
Still worried about ransomware? Give us a ring at 0191 482 0444
