Ransomware
Ransomware is a form of malware (a virus) that encrypts files, or denies the user the ability to access their device, or both. There are many forms of ransomware, but they all lead to a demand for payment of a ransom for access to be allowed.
Attacks typically come in the form of phishing emails, downloading free software, and remote access scams (someone being provided access to another person’s device and installing ransomware whilst in control). Once the ransomware has been executed, such as by clicking on links or attachments, the criminals have largely automated their whole process. Pop-ups or other screen messaging will alert the user to “a virus” or “encryption” or “computer being locked”. A contact point will be provided, typically with a short timeframe to respond to the ransom demand.
Detecting Ransomware
There are two ways to detect ransomware:
- prior to executing the malware and
- after executing the malware. The best way of detecting it before it’s executed is through antivirus. Make sure you run antivirus on all devices frequently. The other way is when it’s been executed and a demand is made.
Preventing Ransomware
- Ensure you back-up all of your data.
- Run anti-virus frequently and make sure it’s the most recent version – millions of viruses are created each year so your anti-virus needs to keep up with these.
- Turn off your cloud storage when you are not using it (like Google, DropBox, OneDrive etc).
- Keep your operating system and apps/ software updated.
- Consider blocking ads and pop-ups, and think twice before downloading freeware (free downloads) without checking their security first!
- Become familiar with how to spot phishing emails and never provide remote access to your device when someone calls or emails you first.
Responding to Ransomware
There are hundreds of ransomware types, but unfortunately most cannot be decrypted. Ransomware encrypts and the criminals using it have the tools to decrypt. Before you think about paying, you may want to try the following:
- EUROPOL and a number of software security vendors have launched a free decryption check called CRYPTO SHERIFF that can be accessed at.
- Decryption services – these are by no means a guaranteed result and most cost money.
- Assess what’s at risk and would be lost. If there’s too much at stake you may have to consider paying but be careful, you’re dealing with criminals.
Disclaimer
Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:
IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.
- The Services provide do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
- While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
- IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
- The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.
While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the alert or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.
Other fact sheets
Twitter Security
Twitter is a virtual and public forum used by individuals, groups and businesses.
view fact sheet
www.cyber.gov.au and the Police
www.cyber.gov.au or the Police? Which one to report the compromise of personal information?
view fact sheet
Understanding Patching
A patch is a piece of software designed to update a computer program.
view fact sheetCONTACT US
Get help
AUSTRALIA
1300 432 273
Mon - Fri : 8am - 5pm AEST
NEW ZEALAND
0800 201 415
Mon - Fri: 11am - 8pm NZST
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations. We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page. If you are asked for payment you are encouraged to report this to IDCARE via our Report Phishing page.