“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact”
― James Scott, Sr.

Ransomware

Ransomware can target anyone, from individuals and small businesses to large organizations like government departments and hospitals. Ransomware is a malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password

What are the different types of ransomware?

Ransomware is a type of malware and there are four main ransomware variants:

  1. Scareware: Scareware is fake security software that claims malware is on the computer. The end user receives a pop-up that demands payment for removal. If a payment isn’t made, pop-ups will continue but files are generally safe. Real antimalware/antivirus software already monitors for malware attacks. Nor will it make you pay to have an infection removed.
  2. Screen lockers: Screen lockers lock you out of your computer. The ransomware replaces the login screen with a screen demanding payment. Often the screen has the FBI’s or another law enforcement agency’s logo. No law enforcement agency will freeze you out of your computer. Nor will they demand payment for an illegal activity. They will go through appropriate legal channels.
  3. Encryption ransomware: Encrypts your files and demands payment to decrypt them. This is ransomware has the highest cybersecurity risk. It is hard to regain access to encrypted files. The only way is to pay the ransom or use a decryption tool.  Even if you do pay the ransom, there is no guarantee the attacker will decrypt your files.
  4. Mobile ransomware: The popularity of mobile devices has led to the development of mobile ransomware. It often targets Android as it allows installation of third-party applications. Unlike Apple’s iPhone operating system.

Ransomware can get into your computer in the same way that malware, or a virus, does. For example, this can be from:

  • visiting unsafe or suspicious websites
  • opening emails or files from someone you don’t know
  • clicking on malicious links in social media, like Facebook posts.

If you’re affected by ransomware, there are ways to get your data back without paying the ransom. But the best thing you can do is understand how to prevent an attack in the first place.

How to prevent ransomware

Here’s how to prevent ransomware attacks and minimize their impact if they do occur:

  • No single point of failure: Whether it’s ransomware, hardware failure, database error, or something else. If your data is important, then it should be backed up, at at least one other secure location.
  • Patch everything: Keep your systems up-to-date to avoid known exploits. See Keep up with your updates 
  • Security awareness training: It’s easier to prevent malware infections than reverse them. Don’t install software you don’t trust. And don’t give administrative privileges to every employee.
  • Antivirus software: Antivirus software like Kaspersky or McAfee can detect known ransomware families and whitelisting software can prevent unauthorized applications from executing in the first place. 
  • Backup solutions: In the event of a ransomware infection, it’s essential to have data backed up. If your data is backed up and safe, your organization can quickly recover from an attack. Use an online storage solution and/or external hard drive back up such as Google Drive or Dropbox for all important files. See Backing up data and devices

These tactics reduce the cybersecurity risk of ransomware, turning it from a disaster to a minor nuisance.

How to respond to ransomware attacks

Now you know how to prevent ransomware, but what if you have already become the victim of a ransomware attack?

In the event of a ransomware attack, it is important to know what to do. Here are some simple steps to follow to minimize damage.

  • Isolate your computer: If you experience a ransomware attack, the first thing to do is to disconnect from any networks and the internet. Disconnecting in this way, isolates your computer and minimizes the chance of the ransomware infection spreading to other computers.

Never pay the ransom

Do not pay any ransom demanded by the cybercriminals carrying out the ransomware attack. Like a real-life hostage situation, it is best not to negotiate with cybercriminals. Paying the ransom will not guarantee the return of your data — after all these individuals have already manipulated your trust.

Caving in and paying also encourages this sort of crime. The more people that pay the ransoms, the more popular ransomware attacks become.

Ransomware removal guide

Follow the ransomware removal steps below to recover from a ransomware attack.

Step 1: Disconnect from the internet

First up, disconnect from the internet to stop the ransomware from spreading to other devices.

Step 2: Run a scan using internet security software

Use the internet security software you have installed to run a scan. This will help to identify any threats. If it detects any risky files, they can be removed or quarantined.

Step 3: Use ransomware decryption tool

If your computer gets infected with encryption ransomware, you will need to use a ransomware decryptor to decrypt your files and data so that you can access them again.

Step 4: Restore files from backup

If you have backed up your data externally or on cloud storage, restore a clean backup of all your files on your computer. This allows you to revert to a version of the software that is malware-free.

If you don’t have a backup, then clearing your computer and recovering your files is going to be a lot harder. To prevent this from happening, we recommend regularly backing up your data. If you’re prone to forgetting, then take advantage of automatic cloud backup services or set up calendar reminders for yourself.

Visit CERT NZ for more information. 
Visit ACSC for more information.