Ran$omware… What You Need to Know

April 18, 2016 - Michael McGill, Practicum Student, Saskatchewan Polytechnic - Health Information Management Program

Ransomware attacks are happening daily, in fact there is research that suggests that as many as 1600 ransomware attacks occurred per day in Canada in 2015. The attacks range from personal computers where cyber criminals are holding valuable family pictures hostage for hundreds of dollars to hospitals that are being forced to pay tens of thousands of dollars to have their files unlocked. Below is the information you need to help protect yourself:

What is Ransomware?

Ransomware is a form of malware or malicious software. Ransomware is installed by hackers or cyber criminals and affects your device or system, including smartphones and tablets, by encrypting the hard drive or specific files. The cyber criminals then demand a ransom be paid before the device or the information is decrypted. Of particular concern, hackers may have the ability to access your data during the course of a ransomware attack.

How does a Ransomware attack happen?

Typically ransomware is spread through phishing, wherein an attachment or a link in an email or text message contains malware that is installed when opened. If ransomware is opened on one device in a network it has the potential to spread to other devices if network vulnerabilities exist.

Can a Ransomware Attack be prevented?

Ensure you have virus protection and that it is up to date. Missing even one daily update can make you vulnerable because the type of malware keeps changing. Educate about phishing attacks, in particular only download email attachments or click on links from trusted sources. It’s also a good idea to back up all your files on a hard drive that is not connected to your computer so that you have a clean and accessible copy of your files if your computer does become infected. Developing a plan and having employees educated about what to do in the event of a ransomware attack would be best practice for all public bodies, government agencies, and trustees.

How should someone respond to a Ransomware Attack?

Depending on the severity of the attack and what types of safeguards are in place will determine your response. You can’t remove the malware without destroying the infected files. If you have those files externally backed up, you or a computer technician can remove the files and the malware, and reinstall uninfected files from the backup. Of course, you shouldn’t connect your external backup to your computer until the malware has been removed, or it could become infected too. Police say if you have not paid the ransom, you can report the incident to the Canadian Anti-Fraud Centre at 1-888-495-8501, or by email to info@antifraudcentre.ca.

If you pay the ransom, the cybercriminal provides a code, which triggers the decryption process. That can take days or weeks. Once files are decrypted, you’ll be able to access them again. If you pay the ransom, you will regain access to your files, but this may not remove the malware itself. There have been numerous instances of computers becoming re-infected. As a result, some technicians recommend wiping your system and changing your IP address. Also, remember that if you pay, you are funding a criminal enterprise and encouraging more attacks. If you have paid the ransom, you can report the crime to your local police force.

Categories: Blog

Back to Blog