t's a malicious virus that locks the user out of their computer and demands a fee to return their files.
A report published by the Australian government claims 72% of businesses surveyed experienced ransomware incidents in 2015.
The figure was just 17% in 2013 .
It's also a growing threat for mobile devices as it can be hidden in an app, says Gert-Jan Schenk, vice-president at internet security company Lookout.
"For the most part, we've seen ransomware delivered through drive-by downloads - it pretends to be a popular app, increasing the chances that you'll click on it," he explains.
"To avoid these threats, users should be very careful about what apps they install, and where they come from - read the reviews on Google Play, and avoid side-loading from untrusted sources."
How does it work?
Thinkstock
Like most computer viruses, ransomware often arrives in the form of a phishing email, or spam, or a fake software update - and the recipient clicks a link or opens an attachment.
The virus then sets to work encrypting the user's files.
Once the computer is effectively locked down, it demands a fee - often in bitcoins because it is less easy to trace - for the return of the files.
The fee is generally one or two bitcoins - the equivalent of about $500 (£330).
It is less common now, but in the earlier days of the malware - about five years ago - the ransom note could take the form of a law enforcement notice.
The user was directed to a web page that appeared to be from, for example, the FBI, falsely claiming illegal images of children had been been found on the machine and a fine was payable.
There is generally a time limit to comply, after which the ransom increases.TheIs there any way to get round it?
Thinkstock
Sometimes it is just a threat, but mostly the virus really does encrypt files.
The only way to retrieve your files without paying the ransom is to go to a backed-up version.
Neil Douglas, from Edinburgh-based IT company Network Roi, has just helped a small business client whose server was hit by ransomware.
"We had to recover everything from back-up. We'd had a back-up two minutes before the infection, so the timing couldn't have been any better - but it did result in quite a bit of downtime," he says.
"You could risk paying them - but it's a bit like paying a blackmailer. We would only recommend it as a last resort.
"You don't know whether they'll come back for more, you don't know that they'll clear the infection."
Cybersecurity expert Prof Alan Woodward says paying also leaves you vulnerable to further cybercrime.
"As soon as you pay up, you get on a suckers' list and you'll probably get contacted again," he says.
"It's low-hanging fruit for the criminals." ransom is usually demanded in the form of bitcoins
No comments:
Post a Comment