RANSOMWARE

Ransomware is a type of malware that infects and restricts access to a computer system or files until a ransom is paid to unlock it. Malware is a grouping term that refers to viruses, Trojans, ransomware and so on. What is challenging is that most new strains of ransomware are very difficult to prevent because they prey on a person giving permission to activate the malware.

The effect that ransomware can have on your organisation can be devastating. This is why we have created a short video, hosted by our Director and security expert, that discusses the growing threat of ransomware, the latest variants such as ‘Crypto’ and how you can protect your organisation’s data and systems. Please note: this video requires sound.

How does Ransomware work?

What makes it so hard to prevent is that new variants render traditional security methodologies useless by prompting the user of the systems to initiate the malware. The person is inadvertently giving the malware permission to encrypt files, an action that your staff can do at any time. The issue, of course, is that it does so with a key that you don’t know, effectively rendering the file useless. Further, it does this to any file that the affected staff member has access to on your entire network, potentially all files.

Imagine you apply a password to an important file and then forget that password. Anti-virus can’t stop this because it’s a standard daily activity, but one that has resulted in you not being able to access the file. This is effectively what the staff member is inadvertently giving ransomware permission to do.

Ransomware typically infects through malicious email attachments such as zip files, Word docs and PDFs, or through emails that are designed to look legitimate and include a link to a site that infects your computer. These emails often appear to be from reputable companies such as banks, in order to trick the user into opening the attachment. We have some samples below.

Essentially, after the ransomware variant enters your computer, it will encrypt all of your data files, from your Word documents to your photos, videos and PDFs. It will then demand a ransom in order to get them back.

How do I best stay protected?

The best way to stay protected is to be cautious when browsing unknown websites and opening attachments from unknown sources, and to avoid using free scan tools.

  1. Do not follow unsolicited web links in email messages or submit any information to webpages in links.
  2. Use caution when opening email attachments.
  3. Ensure your operating systems and software, including anti-virus, are up-to-date.
  4. Perform regular backups of all data to avoid serious consequences should your system become infected.
  5. Engage your IT services team or provider to ensure network file permissions are properly maintained. The attack can only affect files the infected user has write or administrative access to.

Can anti-virus programs help?

The purpose of anti-virus systems is to stop malware entering your network. The issue with ransomware is that the affected staff member is confronted with something that is not malware, and that staff member inadvertently gives permission for the malware to enter the network and become active, rendering security layers useless.

User education is the strongest defence. Current ransomware variants require a user to click on the wrong thing, effectively authorising malicious software to run.

Dan Prowse – Diamond ICT Support Team leader.

Can anti-virus programs help?

Once your PC has been infected with ransomware you will be unable to open files. Instead, you will get a pop-up window asking for a ransom, like the images below.

What should I do if I get infected by Ransomware?

Turn off any PCs and disconnect them from the network ASAP.

It’s very important that the affected staff member lets their management and Diamond know ASAP. There can be less damage caused if it’s caught earlier.

Your organisation’s management should give consideration to whether the risk of other systems being infected outweighs the impact of shutting down the entire network until Diamond arrives.

Should I pay the ransom?

No. Although there have been reports of the ransom being paid and the files being unlocked, the success rate is quite low. Mostly there is no response, or when the response does come, the unlocking of the files is unsuccessful. We don’t mean to make light of the situation, but as you can possibly imagine, these hackers don’t have 24/7 priority support attached to their decrypting.

How do I get my files back?

The only realistic way to get files back is to restore from the last successful backup.

It’s very important to ensure your IT services provider or internal team is clinically monitoring backups.

How can Diamond help?

For customers on a Managed Services Agreement for their IT systems.

Diamond is using our comprehensive skills in Managed Services to take every possible measure to help protect our Managed Services customers.

  • Managed Services architects, software developers and engineers are doing everything possible to stop variants entering our IT Managed Services customers’ networks. Using our unique DMS system we have been able to roll out protection against some of the variants, but we make no guarantees as new variants are being created all the time.
  • As a standard component of our Managed Services agreements, we’re continuously monitoring backups to ensure that, if an event occurs, your information is safe. We’ve recently launched a cloud backup product that provides an extra layer of isolation to protect the backup from infection. For all customers, including those not on managed services agreements.
  • Awareness is a major factor; we’ve been very active in our communication to raise awareness of this threat.
  • We have developed some very innovative ways of tracing the damage to cut down the time taken to restore data.

Examples of Ransomware variants.

The following are some known examples, not designed to be an exhaustive list.

Telstra – Account Billing Refund Email


AGL – Electricity Bill Email

Australian Federal Police – Infringement notice

Australia Post delivery

Tax refund

Resume

Office of state revenue

Fake software update
The fake software updates are usually for Adobe Flash Player. The fake page will look very similar to the actual Adobe update page, but you will notice that the web domain within the address of this page does not end with Adobe.com.
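
The domain check described above can be automated when triaging links from a suspicious email or page. The following is an added example, not part of the original article; the sample links are constructed, and the function names are hypothetical. It compares the parsed host name against the trusted domain rather than searching the whole address for the text "adobe.com".

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "adobe.com"  # the domain named in the text above

# Constructed sample links (not real indicators); .example hosts are reserved names.
SAMPLE_LINKS = [
    "https://get.adobe.com/flashplayer/",            # genuine subdomain
    "https://GET.ADOBE.COM./flashplayer/",           # same host, odd case and trailing dot
    "https://adobe.com.downloads.example/flash",     # trusted name used only as a prefix
    "https://adobe.com@downloads.example/flash",     # trusted name in the userinfo part
    "http://downloads.example/adobe.com/flash.exe",  # trusted name only in the path
    "https://not-adobe.com/update",                  # ends with the text, different domain
]


def host_of(url):
    """Return the lower-cased host name of a URL, or None if it has none."""
    try:
        host = urlsplit(url.strip()).hostname  # drops userinfo and port
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def is_on_domain(url, domain=TRUSTED_DOMAIN):
    """True only if the host is the domain itself or a subdomain of it."""
    host = host_of(url)
    if host is None:
        return False
    domain = domain.lower()
    # Require a dot boundary so "not-adobe.com" does not pass as "adobe.com".
    return host == domain or host.endswith("." + domain)


def triage(urls, domain=TRUSTED_DOMAIN):
    """Split links into (on the trusted domain, everything else)."""
    genuine, suspicious = [], []
    for url in urls:
        (genuine if is_on_domain(url, domain) else suspicious).append(url)
    return genuine, suspicious


if __name__ == "__main__":
    genuine, suspicious = triage(SAMPLE_LINKS)
    for url in genuine:
        print("on trusted domain:", url)
    for url in suspicious:
        print("treat as suspect :", url)
```

A link that passes this check is only confirmed to point at the named domain; it says nothing about whether the email that carried it is genuine.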

Contact us today about Ransomware

To customers on a Diamond IT SLA, we’re providing protection as soon as it becomes available and keeping you in touch with any developments.

For Diamond Customers who are not on an IT SLA and any other organisations we work with, we strongly recommend you seek advice from your IT teams or external IT provider.

If you have any questions surrounding ransomware, or if we can assist in any way, please fill out the enquiry form below or call 1300 307 907.