What is ransomware? And how can I stop it?

It seems like there's always something to worry about when it comes to computer security, and recently the main threat that's been thrust into the public consciousness has been ransomware: but what exactly is this sinister-sounding danger? And how can you stop it?

The good news is there are ways you can protect against getting ransomware in the first place, as well as emergency options you can turn to should your computer get infected. Allow us to safely guide you through the maze of terms and technologies involved.

What is ransomware?

Ransomware has hit the headlines very recently but it's actually been around since the 1990s: it's the idea of locking up someone's computer (or smartphone) and demanding money (the ransom) in order to make the files accessible again.

This is all done through encryption, the process of scrambling files and data so no one can make sense of them without the correct key. Encryption also is the reason governments and law enforcement agencies can't spy on some of your instant messaging conversations - but that's another debate for another time.

In theory, if you give over the money, you get the decryption keys and your files back, though there's no guarantee that the people behind the ransomware are going to honour their end of the agreement.

Like any other type of malware, ransomware comes in many guises, and hackers are constantly working on variations on the same theme. That's a good reason not to get complacent, because you never know what's around the corner.

Some forms of ransomware lock you out of your computer completely, rather than just blocking access to your files. Other ransomware programs don't want any money at all - it you just have to reach a high score to unlock your files again.

The WannaCry attack

Ransomware made news headlines all across the world back in May after a particularly nasty form of the malware by the name WannaCry infected hundreds of thousands of machines across the world. The NHS in the UK and Renault in France were some of the organisations that took a hit.

WannaCry was classic ransomware - locking users out of their files then demanding $300 (about £240) to restore access again. The effect was pretty devastating, with the code eventually reaching more than 150 countries.

The ransomware was able to spread without any user interaction, thanks to a vulnerability in Windows first used by the US National Security Agency. Microsoft actually patched the bug before WannaCry arrived, but many computers hadn't been updated in time. Windows 10 wasn't affected by the bug and was thus immune to WannaCry.

Eventually, patches and fixes were rolled out, and infections slowed down to a trickle. Some users paid the ransom, although security experts were able to develop a selection of tools to fix infected machines without any help from the ransomware makers. Slowly, systems and computers were able to get back to normal, but suddenly the world was much more aware of this particular type of security threat.

Protecting against ransomware

Broadly speaking, you can use the same methods to keep out ransomware as any other type of security threat your computer's going to come up against - keep your software updated, get a reputable antivirus program installed, and be cautious of clicking on links in emails and social media messages where you aren't sure of their authenticity.

As we mentioned above, Windows 10 and older versions of Windows with the latest patches installed were fully protected against the WannaCry threat, which is a very good reason to make sure you're always running the newest software you can.

Another safeguard against ransomware is an effective backup system, because if you get locked out of one set of files then you can just restore the backed up versions and carry on. Whether you store your files on a drive or in the cloud, ensure you have copies in place that you can fall back on.

In general, practice good internet security, by keeping your browser right up to date, keeping your browser extensions down to only those you really need, and keeping an eye out for links and sites that could be dodgy or malicious. No one on the web is ever guaranteed to be safe, but those basics should minimise the chances of you finding a nasty surprise on your computer.

If you get infected

If you do happen to fall foul of a ransomware attack like the WannaCry one, try not to panic. If you've got backups in place, make sure they're safe and restore them when you can - if you're using Dropbox, for example, disconnect the infected computer from the internet first so that the file locks can't propagate to the other copies of your data.

Your next action should be to search the web (from a secure computer or phone) to see if you can find out any details about the ransomware you've been hit with. Its name may well be displayed in one of the messages you're seeing on screen, or you can use use parts of the messages in your search queries to try and turn up relevant information.

Chances are that plenty of people are going to be in the same boat as you, and if you're lucky then there might be a fix or two available from reputable security firms (as was the case with WannaCry). If you can't find a downloadable tool to help then you might at least find some good tips for dealing with whatever type of ransomware you've picked up.

There isn't a one-size-fits-all solution, but if you can access your antivirus software and run a scan then do so. If that's not an option, rebooting Windows into Safe Mode and using an on-demand scanner from the likes of Malwarebytes or Kaspersky might be enough to get rid of any ransomware nasties on your machine.