What is Ransomware?
Ransomware is a type of malware that stops you from using your PC. It holds your PC or files for ransom.
What does it look like and how does it work?
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC. They can:
- Prevent you from accessing Windows.
- Encrypt files so you can't use them.
- Stop certain apps from running (like your web browser).
They will demand that you do something to get access to your PC or files. They may:
- Demand you pay money.
- Make you complete surveys.
Often the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.
- These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.
- There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.
There are three types of ransomware that have been reported:
- File Encryptor - Encrypts personal files/folders (e.g., the contents of your My Documents folder - documents, spreadsheets, pictures, videos). Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment. You may see a lock screen but not all variants show one. Instead, you may only notice a problem when you attempt to open your files.
- WinLocker - Locks the screen (presents a full-screen image that blocks all other windows) and demands payment. No personal files are encrypted.
- MBR Ransomware - The Master Boot Record (MBR) is a section of the computer’s hard drive that allows the operating system to boot up. MBR ransomware changes the computer’s MBR so the normal boot process is interrupted and a ransom demand is displayed on screen instead.
Which operating systems are susceptible to this type of attack?
As with a lot of malware, the majority of ransomware is targeted at the Microsoft Windows operating system.
How can I avoid being infected?
- Avoid opening any emailed attachment that you were not expecting or that cannot be verified as coming from a known source.
- Watch out for emails with attachments that suggest you must reply quickly or 'act fast', so that you feel compelled to open the attachment quickly without considering the source.
- It’s essential to check the content of the messages you receive by email. As well as the content of emails, their attachments have become a very common method for propagating malware, and this is one of the main means of infection by ransomware. For this reason, practices like checking the sender of a message, being wary of offers that sound too tempting to resist, checking that the email is genuine, and not clicking on suspicious links are basic measures to take in order to avoid falling victim to tricks that might result in infection.
- For the record, we are Information Systems Services (ISS) and any communication from us should be personally signed – if in doubt, look up the sender in the DCU phone directory: http://www.dcu.ie/info/staff.shtml
What to do if you think you may be infected
If you think that you may have been infected, please contact Information Systems Services (ISS) immediately: iss.servicedesk.dcu.ie or call ISS on (01) 700 5007.