What Is Ransomware Attacks

You log into work first thing in the morning and a message pops up telling you that all your files have been encrypted or locked...

...and whoever did this is demanding a fee to be paid within 72 hours otherwise your information will be deleted.  - You've just been infected by Ransomware!

What is Ransomeware?

Ransomware is a type of malware (malicious software) that is designed to block access to a computer system or files until a sum of money is paid.  It can be aimed at individuals and businesses.

Often you are infected by someone clicking a link or opening a file. Commonly know ransomware viruses include Cryptolocker, Cryptowall, and more recently, TeslaCrypt. The actual incidence of Ransomware attacks is unknown, as many just pay the money and move on, never reporting the attack.

If you do not have your files backed up it is often impossible to decrypt your files, without paying the ransom demand.

Ransomware Can Affect Smart Phones & Tablets Too

Smartphones and tablets are not immune.  People have been targeted through social media links or websites that encourage you to install a 'video player' app to watch content.

The ransomware tries to scare, trick or even embarrass you into paying the ransom.    For example the  'Koler’ and ‘Locker’ police themed ransomware lock your screen and say that  New Zealand’s Security Intelligence Service has caught you viewing child pornography or downloading or watching illegally shared movies.  It states that they will contact 'witnesses’ and displays three of your contacts on screen with their names and numbers.

How Can I Protect Against Ransomware?

• Education: You need to make sure you and any staff you have are educated about the risks.  Be very careful about downloading apps, opening files and clicking links. You should always verify the sender of attached files, and double-check the validity of webpage links before opening them. 
  

  For example https://www.irs-services.ord.govt.us/secure/login.html is not a valid IRS webpage - it's part of a scam.

  Get your staff to complete our Digital Citizenship assessment, which has a section on Keeping Safe Online.

• Up-to-date Software: Ensure all your devices have up-to-date software. Check Microsoft Security Bulletins and ensure your systems are fully patched and up to date.

• Up-to-date Antivirus Software: Most ransomware can be detected by anti-virus software so check your subscription is up-to-date and that it has downloaded the latest virus definition files.  If you have Android devices, consider installing antivirus software on them too.

• Backup all essential information: - so that if your system is infected it can be cleaned and rebuilt.  Some ransomware can target USB drives or network shares attached to an infected computer, so be careful where your backups are stored.  Don't forget to test that your backup process is working, and that your backups cannot be infected.

• Health check your computer
  If you are a PC user Netsafe NZ recommends you use  the Secunia Personal Software Inspector to look for weaknesses on your machines.

• If your organisation has a network (even a small one) consider limiting staff access to sensitive files and network drives, that will help limit the spread of an attack.