Site icon The Times Group Malawi

Nasty bit of code, repeat warning

This was first published last year in my column, but in view of the recent global cyber-attacks, it is required to read it again.

Currently, a number of corporate clients in Malawi have experienced attacks or infections by a nasty form of malware, generically called Ransomware. It is worth repeating the steps to take to avoid your computer activity grinding to a halt. So what is it and how does it infect you?

Ransomware is a two-stage form of malware that infects your device and then either locks your screen or encrypts most or all of your data. This includes all your documents, spreadsheets and also your music and video. You, therefore, are unable to access these files.

The malware creators then send you a mail with a link to click and make a payment for them to unlock these files. Almost invariably, the infection is caused by a user clicking on a link sent to them by email, sometimes via Skype or another messaging service. The link often appears to be a Word document, named “Invoice” or something similarly innocent. In my mailbox today, I see four such suspect e-mails.

If you are infected, what can you do? Firstly, when encountering this type of malware, you do need to acknowledge that you are probably going to lose some or all of your personal data, whether you pay the ransom or not. The next step is to clean the virus from your device or network. Any up to date modern anti-virus solution can do this for you.

If you do not have a legal efficient anti-virus solution (really?), go to and run an online scan. They also have a free anti ransomware tool for home users available there. However, once you are clean – you are still left with the problem of your files being encrypted and, therefore, unuseable.

There are a couple of things you can try. Firstly, you can pay the ransom, assuming you have an international credit card. This is not recommended and does not guarantee that you will have access to all your data. Remember, you are dealing with a criminal organisation, which is extorting money from you.

Do you have a recent backup? If so, you can look to restore your files from this. Please note though that some ransomware will also infect your backup if it is connected to your device. This includes unmapped network drives. If you do not have a backup, you can attempt to recover recent files using one of the free recover tools available on the web. These will search your shadow copy files on your device and hopefully find much of your data.

If none of this works, then really you need to write off your data. There is no two ways about this. Some of the encryption used is classed as “military grade” encryption and is almost impossible to crack. However anti-virus solution providers are currently working on this.

To ensure this does not happen to you again look at the following options. Take a daily backup to a remote device which is disconnected from your device when complete. Consider backup into the cloud – for example Microsoft offers 1.0Tb of free space in the cloud for their Live account holders. Finally, ensure you run a full and legal version of an anti virus solution, remember this comes free in Windows 8 and 10 for personal users, and schedule regular scans. And most importantly, DO NOT CLICK on unsolicited email attachments, especially those who offer you something for nothing.

These appear to come from legitimate companies such as banks, Fedex or PayPal, even Microsoft, and vary from advising that your account will be shut down, or that you have received a payment or parcel and you need to click on a link to verify. A bit of common sense now will save you that dreaded feeling when your personal data refuses to open as normal.

Facebook Notice for EU! You need to login to view and post FB Comments!
Exit mobile version