
Ransomware

posted Feb 8, 2014, 7:31 PM by Daryl du Plessis   [ updated Feb 8, 2014, 7:35 PM ]
There's a new kid in Malware town and he's causing trouble. Going by the generic label of Ransomware, this class of malicious software takes control of a system and then directs the user to pay for the system to be unlocked. The intention is always to extort money from the user. In some cases a law enforcement agency message will be used claiming that the computer has been used for illegal activities. In other cases, files will be encrypted and rendered unusable unless the ransom is paid.

In Australia, the Cryptolocker virus has been impacting many businesses and individuals, including local councils in WA. The payload for this virus encrypts all Office documents on drives that are connected to the infected computer. Once this process is completed, a message will pop up stating that the files have been encrypted and that a ransom is required to decrypt them. This can obviously have a significant impact on the businesses involved. The infections are usually caused by users opening email attachments that look like PDF documents but are in fact executable programs. It is also possible for websites to install the malicious code on workstations.
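For administrators who filter mail, the mismatch described above (an attachment presented as a PDF that is really a program) can be checked mechanically. The following is an added example, not part of the original post; the sample message, the extension list and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
import os

# Assumption: extensions treated as Windows executables for this check.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

def check_attachment(filename, content_type, data):
    """Return the reasons an attachment does not match what it claims to be."""
    findings = []
    name = (filename or "").lower()
    stem, ext = os.path.splitext(name)
    claims_pdf = content_type == "application/pdf" or ".pdf" in name
    if data[:2] == b"MZ":  # signature at the start of Windows executables
        findings.append("content is a Windows executable")
    if claims_pdf and b"%PDF-" not in data[:1024]:  # real PDFs carry this header
        findings.append("claims to be PDF but has no PDF header")
    if ext in EXECUTABLE_EXTS and stem.endswith(".pdf"):
        findings.append("PDF-looking name with executable extension")
    return findings

def scan_message(raw):
    """Map each attachment filename in a raw message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): check_attachment(
            part.get_filename(), part.get_content_type(), part.get_content())
        for part in msg.iter_attachments()
    }

def build_sample():
    """Constructed message: one genuine-looking PDF and one disguised file."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4\n%constructed sample\n",
                       maintype="application", subtype="pdf",
                       filename="statement.pdf")
    msg.add_attachment(b"MZ\x90\x00constructed bytes, not a real program",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(name, "->", findings or "ok")
```

An attachment with any finding should be quarantined rather than delivered.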

It is not advisable to pay any ransom, as there is no guarantee that the malware will be removed; in fact, it is more likely that you will be targeted for further extortion. It is advisable to get a computing professional to assess the damage and see what can be recovered. To mitigate the impact of ransomware, it is best to ensure you have a regular backup, preferably offsite and not connected to the network. This way it is possible to recover files that have been encrypted or rebuild systems that have become unusable. Prevention is better than cure, so it pays to follow the standard precautions for safe computing:

  1. Always have an up-to-date anti-virus package installed;
  2. Don't open attachments that look unusual or are from unknown senders;
  3. Don't click on links in emails, as these could take you to an infected website;
  4. and lastly, be careful which websites you do visit, as they could infect your PC.

A number of anti-virus products have browser extensions that can advise on the trustworthiness of websites; it is worth using these to be safe. Also, as mentioned last month, don't install software that you are not 100% sure is safe.