You log into work in the morning. A message pops up telling you that all your files have been encrypted or locked...
...and whoever did this is demanding that you pay a fee within 72 hours, or everything will be deleted.
You've just been infected by ransomware!
What is ransomware?
It's a type of malicious software designed to block access to a computer system or files until money is paid. It can affect both individuals or businesses.
Infection happens when you (or someone else within your organisation) opens a link or attachment in an email. Known ransomware viruses include Cryptolocker, Cryptowall and TeslaCrypt. The total number of ransomware attacks is unknown. Many affected organisations and individuals pay the money and move on without reporting the attack.
If you don't have your files securely backed up, it's often impossible to decrypt your files, without paying the ransom demand.
Not just PCs
Smartphones and tablets aren't immune to ransomware. People have been targeted through social media links or websites that encourage you to install a video player app to watch content.
Ransomware tries to scare, trick or even embarrass you into paying the ransom. For example, some police-themed ransomware locks your screen. It then tells you that New Zealand’s Security Intelligence Service has caught you viewing child pornography or downloading movies. It states they will contact "witnesses" and displays three of your contacts on screen with their names and numbers.
How can I protect my files from ransomware?
1. Education: Make sure you and your staff know about the risks. Be careful when downloading apps, opening files and clicking links. Always verify the sender of attached files and web page links before opening them. Get your staff to complete the Digital Citizenship Assessment from Digital Journey; you'll find the link at the top of this page.
2. Anti-virus software: Anti-virus software can detect most ransomware before it infects your system. So check that your subscription is up-to-date with the latest virus definition files. If you have Android devices, consider installing anti-virus software on them too.
3. Back up all essential information: This will let you rebuild system if it does get infected. Some ransomware can target USB drives or the network attached to an infected computer, so be careful where you store your backups. Back up your data to a cloud provider, but make sure that the cloud storage is not synced from your local computer. Don't forget to test that your backup process is working, and that your backups can't be infected. If your organisation has a network (even a small one) consider limiting staff access to sensitive files and network drives. This will help limit the spread of an attack.
4. Check your computer: If you are a PC user, Netsafe NZ recommends you use software to look for weaknesses on your machines.
See the Software Vulnerability Manager from Flexera
What if I become infected?
Netsafe NZ is a great resource and has a wealth of information on how to prevent security breaches and what to do when they occur.
Go to Netsafe NZ
Check out the following information on dealing with different types of ransomware:
- Cryptolocker ransomware
- Android ransomware