Ransomware – BEWARE!

 

In our role as a domain hosting company we see much of the dark side of the Internet including hacking, viruses and server attacks.  Of these, Ransomware is one of the worst and most insidious.

However, if you are attacked and you’re quick to shut down your computer (even pull the power cord out if need be), then you may be able to avoid issues even if the ransomware encryption process has started.

                 

To most of us, an e-mail with an attachment or a link that’s supposedly from a credible source such as the Australian Federal Police (AFP), ATO or Australia Post (a popular faux-sender because of the levels of online shopping) looks like something that should be opened. Unfortunately, too many think this, and every day more computers are being taken over and people extorted (see Symantec’s example below). Be very careful.
 
A test: If something seems important but comes from a source that seems wrong (the AFP notifying you of a traffic fine) then just delete the e-mail immediately.   However, this is being made more difficult as some organisations are increasingly using e-mails to send documents as a way to cut mailing costs, and most don’t advise of this change.  At the moment, scam e-mails claiming to come from Australia Post are being clicked on way too often.  If unsure you can always check the ‘sender’s’ website (the AFP site, for example, mentions the e-mail scam that relates to them) or give them a call. 
 
If you are hit then there is little time to act but you have a chance if you’re quick.  Also if you’re on a network and the other computers have shared files and folders then they too will be infected instantly.  All such computers need action taken immediately as well.  Tip:  Ensure what's ‘shared’ between computers is minimised as much as possible.
 
Firstly, your security software should react immediately when it detects that you’ve just unleashed some malware and display a pop-up message. These pop-ups often disappear quickly, so be vigilant, and if you can set them to display for longer, then do so.
 
Secondly, if there is ANY indication of Malware/Ransomware THEN SHUT YOUR COMPUTER DOWN IMMEDIATELY. Ransomware needs a bit of time to encrypt/lock files, etc., and only shutting your computer down will stop it. Ransomware is usually an executable file, so in most cases restarting your computer should not restart the malware itself.
 
Finally, scan the computer using your security software such as Microsoft Security Essentials or Norton. Equally important is to run specialist anti-malware software as well. If you don’t have such software then a good option is Malwarebytes Anti-Malware. Go to their site, install the free software (you can upgrade later if you want) and scan again. When the scan is done and all malware is removed, re-boot your computer again. With any luck you will be able to continue.
 
Preventive maintenance: 
1.      Make sure your security software is always up to date; this usually happens automatically.
2.      Keeping system and application software updated also helps.
3.      Scan regularly.
4.      Back-up your data regularly, even if only your personal files, to an external/cloud drive or a flash drive.
 
It’s not uncommon to receive 3-4 Ransomware e-mails a day, so be careful.  Ransomware can also be downloaded by visiting malicious or compromised websites, so be careful there too.
 
A bit of history:
 
Ransomware first emerged in Russia and Eastern Europe in 2009 and is largely run by professional cybergangs.  
 
An example of why criminals do this sort of thing, as investigated and documented by Symantec:
 
$33,600 in one day!!
 
Symantec experts analysed how criminals monetise the scheme. Over a month-long period the experts studied one specific attack in more detail, and 2.9 per cent of compromised users paid out. This may seem like a small percentage, but it pays off for the criminals:
 
•        During the month 68,000 computers were infected: the equivalent of 5,700 every day.
•        Ransomware typically charges between US$60 and US$200 to unlock the computer.
•        On a single day, 2.9 per cent or 168 users paid the ransom, permitting the criminals to potentially earn US$33,600, which means the criminals can make up to $394,000 in one month.

There are many types of Ransomware.
 
NB: Be careful of this also: another type of malware is FAKEAV. Instead of capturing the infected system or encrypting files, FAKEAV coaxes users into purchasing its bogus anti-malware software by showing fake anti-malware scanning results.

Beware!  Beware!  Beware!  
 

Peter Graham

AcctWeb / PlannerWeb