At a glance
- The NHS and many other organisations are being impacted by a new strain of ransomware
- Ransomware is a type of malware that infects your computer and prevents you from accessing files
- We outline some precautionary steps you can take to help prevent ransomware from infecting your system
This article counts towards accumulating your annual CII CPD structured learning hours for Emerging Risks.
By reading this article, and correctly answering the three questions underneath, you will have achieved the following learning outcome: Identify key emerging risks and describe their main characteristics.
You will have read about the NHS and many other organisations being impacted by a new strain of ransomware.
This ransomware has been modified not only to encrypt the files on one laptop but also to spread through a company’s network to other laptops. It has been released by cyber criminals to several companies in Spain, Portugal and the UK. It is now spreading globally, affecting many other countries.
What is ransomware?
Ransomware is a type of malware that infects your computer and prevents you from accessing files (at times, it may even encrypt your files). There’s no foolproof way to completely prevent any type of malware from infecting your computer.
Below, we outline some precautionary steps you can take to help prevent ransomware from infecting your system:
- Always ensure your antivirus software is up to date. Updating it regularly provides another layer of security against many attacks
- Back up important data. There are no known tools to decrypt files that have been encrypted by ransomware. One good safe computing practice to develop is to ensure that you regularly back up your files. The 3-2-1 principle is a good rule of thumb: have three copies, two different media, and one separate location for your backed-up files. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default
- Always verify the email sender. If you receive an email from someone claiming to be a bank representative, call the bank directly to verify that the message is legitimate. If you receive a suspicious email from a personal contact, reach out to that person directly (do not reply to the email you received) to confirm that they sent you the message. Do not rely solely on trust by virtue of relationships, as your friend or family member may be a victim of a cybercriminal as well. Avoid opening emails from an unknown source
- Double-check the content of the message. There are obvious errors or discrepancies that you can spot in illegitimate emails. For example, if your bank or a friend claims that they have received something from you that you don’t remember sending, go to your recently sent items to double-check whether you really did send the item they are referencing. There are many tactics that spammers and phishers use to lure you, so take some time to learn about the different types of techniques that social engineers use
- Refrain from clicking links in email. In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
For more information on managing cyber risk, please speak with your local Zurich contact.