It’s happened to millions of people: one moment their computer works fine.
And the next it’s locked, with a hacker’s message demanding money.
Suddenly “ransomware” has claimed another victim.
This security awareness training addresses the growing threat of ransomware, how you can avoid become its next victim, and what to do if ransomware strikes.
Today we will cover how ransomware works, including the risk of paying the ransom. Then we will cover how to avoid ransomware, how to prepare backups to mitigate the effects of ransomware, and what to do if ransomware strikes.
Simply put, ransomware is malware, or malicious software, that holds technology for ransom.
First, ransomware corrupts and locks technology like a computer, a device or individual files.
Then, ransomware demands money to restore and unlock your machines and data.
When ransomware corrupts a computer or device it often prevents it from being restarted, or sets it up to reload the ransomware every time it restarts.
When ransomware locks files, it usually encrypts them with a key not even security experts could recover.
And when ransomware demands payment, it will ask for it using a credit card, bank account, or digital currencies like Bitcoin that require real funds to acquire.
Providing any payment to criminals comes at great risk.
For example, you could pay the ransom and still be left with a locked computer or files.
Or, you could pay the ransom with information that a criminal could use to drain your account.
And even if the ransom was paid as agreed and your computer was unlocked, there’s nothing to stop a criminal from coming back and doing the same thing to your technology again.
Fortunately, you can prevent and mitigate the damage from ransomware by doing the same things you would do to prevent and mitigate the damage from malware and viruses. Specifically, you should do three basic things:
First, you should inspect incoming email, files and software carefully.
Second, you should run antivirus software wherever you can.
And third, you should regularly install patches to keep your existing software up to date.
If ransomware strikes despite all precautions, you can only restore locked files if you have reliable backups.
To make reliable backups, copy data to “removable media” like CDs, DVDs, tape, or a USB drive that you physically disconnect from your machine once the backup has completed. Or, use dedicated cloud-based backup services that store encrypted copies of your data.
Also note that many IT departments have their own backup services and guidance, so consult with IT first if they are an option.
If ransomware ever strikes despite all your precautions, there are several things you should do. First, isolate any infected devices without powering them off if you can.
For example, if you use a wired connection to your machine, unplug it. If you are at home using a wireless router, turn it off. And if you can turn on airplane mode, do it.
Next, get help. If you are at work, tell your manager and IT person and coworkers around you. IT, in particular, may have more instructions for you at this point. If you are instead working with a personal device, consult with a private computer expert as soon as you can.
Once the situation is contained, you or your IT staff can wipe any infected devices and restore all original files from their most recent backups. Of course, a successful recovery from a ransomware attack still depends on backups, so remember to make regular copies of important files to IT’s backup services, removable media or cloud services.
Over the past few minutes, you learned that ransomware locks technology and demands money. You also learned to avoid ransomware using antivirus, file inspection and updates, and to mitigate against its effects using regular backups. And, if malware strikes, you learned how to safely react.
Please review these takeaways, and then click continue to complete the module.