Q&A: What you need to know about ‘ransomware’ attack

PROVIDENCE, R.I. (WPRI) — The massive cyberattack that hit 150 countries around the world on Friday continued to spread Monday, but not as quickly or intensely as some had feared.

Eyewitness News interviewed Risa Pecoraro, VP of Product Research and Development at CyberScout, to get answers to common questions about cyberattacks.

What is ransomware?

Ransomware is when a virus or malware gets into your network and takes over your computer and prevents you from accessing anything on your computer, pictures, files, email. Anything that you have stored there is actually being held hostage, and the way to get it back is by paying a ransom.

How did this attack happen?

This particular ransomware attack started in the UK. It spread very rapidly. It was due to a known flaw in a Windows operating system that needed a patch.

Who’s at risk?

Everything from healthcare, government, education, private industry. It’s really across the board. It’s not targeting one kind of company or industry. One of the things that I think can get lost in this is how much at risk small businesses are. The big businesses and the big sectors get all of the press, but the fact of the matter is that small businesses are even more at risk because they tend to lack the knowledge, understanding and resources to make critical updates for their networks.

Risa Pecoraro of CyberScout

How does a ransomware victim recover files?

Once you find out you have ransomware, usually you’re being presented with a screen that says “your computer and everything on it is being held hostage, and if you want it back, you need to pay us this amount.” In the case of the most recent ransomware attack that’s gone global, the amount has been relatively nominal: as low as $300 dollars in bitcoin, but but some of these cases are very, very expensive. Ransomware usually asks you to pay in bitcoin. Hackers can be very business-oriented, so they’ll take you through the whole process of how to buy bitcoin. They’ll show you how to get a wallet. And then they actually have customer service departments because they’re in it to get paid, not to make it hard for you to get your stuff back.

Can I prevent a ransomware attack?

The first thing is keep your software updated. These kinds of ransomware attacks get through vulnerabilities. Always make sure your software is updated and your operating systems are updated. The other thing is be careful what you click on. You have to be educated about what you’re clicking on so you’re not inadvertently sending your stuff to a bad place.

How often should I back up my computer? 

Make sure that you back up your information. For businesses, at least once a day is ideal. If you can’t, even once a week so that you’re storing something. It gives you some options. Maybe you don’t want to pay the ransomware. That could be an option if you have good backups. It becomes less feasible if you don’t have anything to refer back to.

Any other advice?

Create a plan. What would happen to you if your business couldn’t operate normally for a day, two days, a week or more? What would happen if you lost every single thing on your computer or your network? That’s the kind of disaster you have to think about. Setting up a plan and doing backups gives you some options.

Susan Campbell (scampbell@wpri.com) is the Call 12 for Action and Target 12 consumer investigator for WPRI 12 and Fox Providence. Follow her on Twitter and on Facebook.