Ransomware is vicious malware that prevents a user from accessing his or her files by encrypting them. It typically arrives on the affected computer through spam emails or executed via malicious ads or compromised websites however more recently ransomware has been known to start from a malicious email attachment. Once the ransomware is executed on the compromised computer, it encrypts files on the user’s computer and any mapped network drives and even connected cloud storage such as Dropbox, OneDrive, Google Drive, etc.
Ransomware was designed to prevent the user from accessing their files and force them to pay the attacker a fee in order to regain access. Once the files are encrypted, ransomware displays a text document or HTML page with a message informing the user that their files have been encrypted and gives instructions on how to obtain the decryption key needed to unlock the files. This message may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The message also contains a link to a website where the user can make the payment. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.
What can I do to protect my data?
- Limit your online activity to business related sites only.
- Never click on links or open attachments in emails you were not expecting.
- Minimize the amount of data that is stored locally on your computer. Data stored locally is not backed-up by your IT support group. If you do need to store data locally, it should only be personal in nature and it is your responsibility to ensure personal files are regularly backed up to an alternate storage location.
Am I a Victim of Ransomware?
If you suspect your computer may be impacted by Ransomware, please contact your local IT Support group immediately so we can assist with containment of the malware and any recovery operations that might be possible.