Ransomware: What is it and how to avoid it

Technology
Friday 12 May 2017 at 6:29pm

The NHS has been hit by a major cyber attack Credit: PA

The cyber attack that has hit the NHS appears to be the result of ransomware, but what is ransomware and how can you avoid it?

ITV News spoke to Ben Rapp, the CEO of Managed Networks and an expert on cyber security.

How does ransomware work?

When ransomware affects a computer network, it holds the data it finds there to ransom - threatening to delete it without payment.

"What it does is go into every file in whatever device it's got into and encrypt it, save the scrambled version and delete the original," Mr Rapp told ITV News.

"When it’s done enough of that it pops up a message that says if you want to get your data back then you need to pay some money, usually in Bitcoin."

How does a computer become infected?

"The standard way is for it to be sent in an email," said Mr Rapp.

In the email there may be a link the reader is directed to click on, or an attachment that needs to be opened.

"The email will be psychologically designed," said Mr Rapp.

"It will be urgent, or exciting ... Most cyber attacks are undirected - they’re just shot-gunned out at the universe - but because a single ransomware attack can generate between hundreds and thousands of pounds, it's worthwhile for the ransomware writer spending time customising it."

How do you defend against an attack?

Mr Rapp suggested three methods of defence, but stressed the key to a business preventing its files from being held to ransom was training its staff.

"Train your staff not to open emails that they’re not expecting. Not to click on links or download software they don't know anything about. The vast majority of this stuff requires you to act. There are exceptions to that, but usually the user has to do something.

"The second layer of defence is what we call the 'rule of least privilege' - don't give people any more access to your system than the minimum they need to do their job."

"The third layer ... is a 'ransomware canary'. A piece of software that you keep running on your network. It’s [set up as] the first folder the ransomware comes to and when it detects the ransomware … it sounds an alarm or shuts your fileserver down."