Ransomware is a form of malware (a virus) that encrypts files, or denies the user the ability to access their device, or both. There are many forms of ransomware, but they nearly all lead to a demand for payment of a ransom for access to be allowed. The ransomware may also be accompanied by the theft of data and a threat to post this information online.
Attacks typically arrive through phishing emails, free software downloads, and remote access scams (where a cybercriminal, posing as a trusted organisation, is provided access to a device and installs ransomware whilst in control). Once the ransomware has been executed, such as by clicking on links or attachments, the rest of the process is largely automated by the criminals. Pop-ups or other on-screen messaging will alert the user to “a virus” or “encryption” or the computer being “locked”. A contact point will be provided, typically with a short timeframe to respond to the ransom demand.
There are two ways to detect ransomware:
Be aware: If a ransomware message is received via email, be sure that it is a genuine email and not simply a phishing attempt.
Disconnect your device immediately, including removing anything plugged into it (cables, USBs, dongles), disabling any wireless connections (Wi-Fi, Bluetooth, hotspot, or mobile data), and disconnecting from any other devices on your network (such as laptops, printers or modems).
Take photos (on a non-infected device) of any communications from the criminals, including pop-ups, payment demands, cryptocurrency wallet addresses and websites.
It is possible to stop ransomware from continuing to run on a device with Microsoft Windows 10 by following these instructions from the ACSC. However, if you are using an Apple device, or if your device is not responding, or you do not feel confident following the ACSC instructions, simply hold down the power button on your device to force it to shut down.
Make sure the malware is removed from your device before reconnecting to the internet, joining a network, plugging anything back in, or installing backups of your data.
You may wish to try to decrypt the files on your device. There are hundreds of ransomware types, and in many cases only the criminals have the tools to decrypt. You can try:
If you are considering paying the ransom, keep in mind:
Remember that removing the ransomware from your device may not be the end of the attack on your business. Consider all the information that the cybercriminal had access to on your device, and assume that all accounts have been compromised. This could include your emails, bank account details (including logins and customer reference numbers), tax file numbers, driver licence details, and superannuation details.
Information stored on your device most likely also includes information about your employees and customers. Contact your IDCARE small business adviser to discuss how to protect your employees and customers, and whether the ransomware infection is also considered a notifiable data breach.
For additional support or information, contact IDCARE by submitting a Get Help Form or call 1800 595 160 (Aus) or 0800 121 068 (NZ).
Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service: