Ransomware: What is the terrifying software that just started infecting Macs, how can you stay safe and how can you remove it?

Hackers use the software to take control of a computer and entirely encrypt its contents — holding the data to ransom until a fee is paid

Andrew Griffin
Monday 07 March 2016 15:45 GMT
Apple MacBook Pro computers with Retina displays stand at a table at a Gravis Apple retailer on November 6, 2012 in Berlin, Germany
Apple MacBook Pro computers with Retina displays stand at a table at a Gravis Apple retailer on November 6, 2012 in Berlin, Germany (Getty Images)

Macs have been hit by ransomware for the first ever known time. It’s an illustration of the worsening and worrying danger of the malicious software, which has been growing at a terrifying speed.

What is ransomware?

In short, it’s software that forces its victims to pay a ransom. It does so by holding important information — or the computer itself — captive, until the ransom is paid.

It’s one of the more damaging kinds of malware because it can lead directly to huge losses of money, or the destruction of personal data.

How does it arrive on computers?

Ransomware can come in almost any form, and in any way.

Often it manages to get in through an infected website or program, sent as an email attachment or downloaded from the internet. Users might think that they are visiting a normal website or opening a safe piece of software, but lurking inside might be the malicious code.

Avoiding getting it is like most things on the internet: don’t click on them unless you’re sure they’re genuine.

What would happen if I get infected?

Ransomware takes control of a computer in two main ways: locking the screen so that it can’t be used, or encrypting files. Both mean that the computer will usually be unusable.

Most people will be alerted to the problem because the screen will be filled with a big notification, alerting the user to the fact that the ransomware is being used. It will also usually tell people how they can get around the hack, including showing information about who and how much needs to be paid.

What should I do if I get infected?

First, unplug your computer to stop the spread of the malware to anyone else. Then call the police — they might not be able to do anything, but it’s important to let them know.

Then comes the difficult process of getting your computer and its files back.

Getting control of your computer is usually relatively easy — deleting the relevant malicious files will stop the malware in its tracks, and you should have your computer back again. To find out which they are, try searching the particular malware that has affected you.

But getting access to the files contained there will be much more difficult. Malware usually encrypts in such a way that it is impossible to get it back.

If you were ready for this or another catastrophe and backed up your files, then restoring your computer might be easy. Once your PC is definitely clean, get hold of your backups and get back to normal.

If there’s no way of getting your files back and you need them, it might be that there is no other option but paying. This is frustrating, encourages hackers and should only ever be considered as a last option — and it’s also risky, since hackers sometimes don’t even hand over the files, and there is no way of tracking them down.

How should I stay safe?

First, it’s important to make sure that you stay vigilant: don’t download suspect files, check email attachments if they appear like they might be fake, and so on.

Second, make sure that everything is always up-to-date. That includes the various updates that will download over the internet on Windows and Mac OS — ransomware and other malware usually gets in through holes in the operating system, and those updates will usually patch them back up again.

It’s also worth downloading an anti-virus package, and making sure it’s kept up to date. That will be able to scan through your computer and watch for suspect files — deleting them as it finds them.

Just in case anything does ever go wrong, make sure that you have all important information backed up. Routinely plugging in an extra hard drive and backing everything up will give you quick access to all of your files; services like BackBlaze will let you do the same over the internet; and specific tools like Apple’s iCloud Photo Library will let you back up particular parts of your files.

What’s going to happen to ransomware?

The software appears to be spreading, helped by the increasing sophistication of the technology and ever easier ways of transferring money without being caught. It began in the mid-2000s and was mostly limited to Russia — but has spread widely since.

If people are increasingly vigilant, however, the spread of the software might be curtailed. Ransomware only works so long as people are distributing and profiting from it, which means that if it is successfully cut off it may start to disappear.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in