Ransomware — it’s a scary-sounding word and, indeed, a type of cyber attack that you certainly want to avoid. Ransomware is a form of malware that is usually spread through phishing emails and malicious attachments. Once downloaded onto your computer, the malware quickly encrypts all of your files, rendering them unreadable. The only way you can regain control over your device? Paying a fee — or a ransom — to have the virus removed.
The Northern Territory Government recently fell victim to a ransomware attack that targeted one of its cloud-based IT systems. After being forced to turn off all systems for three weeks, they worked with the Australian Cyber Security Centre and managed to get the situation back under control, without loss of data. This incident occurred despite security officials carefully blocking around 46 million suspicious emails in 2020 and updating protocols regularly.
Such an incident demonstrates the necessity of maintaining proper security measures against ransomware attacks.
How does ransomware operate?
Ransomware is primarily spread through two channels: corrupt emails and malicious websites.
Corrupt emails: Be suspicious of any email from an unknown sender, particularly if it asks you to open an attachment or click on a link. If you receive an email from a business known to you, check carefully for any visual signs that something is amiss. This can include spelling and grammar mistakes or poor formatting. Online criminals often seek to imitate well-known companies in an attempt to trick their victims.
Clicking on links and downloading files from corrupt emails can result in ransomware downloading to your device. Once installed, it can lie dormant for years until the cybercriminal decides it’s time to act.
Malicious websites: We’ve all clicked onto a website only to have pop-ups appear immediately, informing us that our device is infected with hundreds of viruses and requires a deep clean. Clicking on those ads will, ironically, likely infect your computer or smartphone device with malware.
The following messages may signal an incoming or ongoing ransomware attack:
- ‘Irregular system filing activity’, indicating that the ransomware is accessing your files.
- ‘Load on server’, showing ransomware-related encryption or deletion.
- ‘Misbehaviour of network’, demonstrating communication between ransomware and the attacker’s control system.
- ‘Declined access to files’, indicating that the ransomware has taken control of your device.
Preventive measures against ransomware
Ransomware attacks are generally random in nature and the targeted victim can range from big multinational companies to small domestic systems. Larger companies are often targeted, as they provide the perfect opportunity to obtain masses of personal data to be sold on the dark web. Preventive measures, including those listed below, are essential and form the first line of defence against criminals seeking to encrypt your data.
- Regularly back up your data. Should your device become infected with ransomware, a back-up ensures that all your information will be safe and you will not have to go through the stress of negotiating with the ransom hackers.
- Monitor your files carefully. Ransomware can be installed onto your device and lie dormant for years, until the cybercriminal decides that it is time to act. Checking your system for suspicious folders and extensions can save you time, hassle and stress.
- Avoid suspicious emails. Never click on links or downloads from unknown senders and immediately delete spam messages.
- Regularly update your device. Both iOS and Windows systems roll out updates to patch pre-existing security issues and defend against evolving cyber security attacks, including ransomware.
- Invest in security software. This is a must-have tool to defend yourself against ransomware attacks and other types of cyber threats.
- Have a plan of action. Should your device be infected with ransomware, it is best to have a straightforward plan that can be immediately implemented to prevent any further damage from occurring.
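One way to automate the "monitor your files" step above, as an added example that is not part of the original article: a small Python scanner that flags documents carrying an extra, unfamiliar extension and text files whose contents look like random (encrypted) bytes. The extension lists, the entropy threshold and the function names are assumptions made for this example.

```python
import math
import os
import sys
from collections import Counter

# Assumed values for this example; adjust them to the files you actually keep.
DOC_EXTS = {".txt", ".csv", ".docx", ".xlsx", ".pdf", ".jpg"}
TEXT_EXTS = {".txt", ".csv", ".log", ".md"}
ENTROPY_LIMIT = 7.5    # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 65536   # read at most this much of each file
MIN_BYTES = 256        # entropy of very small files is not meaningful

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in data (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def check_file(path: str) -> list:
    """Return the reasons (possibly none) why a file looks suspicious."""
    reasons = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    # A document with an unfamiliar suffix appended, e.g. "budget.xlsx.zzz"
    if inner_ext in DOC_EXTS and ext not in DOC_EXTS:
        reasons.append("extra extension after " + inner_ext)
    try:
        with open(path, "rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
    except OSError:
        return reasons + ["unreadable"]
    # Plain-text formats should never look like random bytes
    is_text = ext in TEXT_EXTS or inner_ext in TEXT_EXTS
    if is_text and len(sample) >= MIN_BYTES and shannon_entropy(sample) > ENTROPY_LIMIT:
        reasons.append("high-entropy content in a text file")
    return reasons

def scan(root: str) -> dict:
    """Walk root and map each suspicious file (relative path) to its reasons."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if reasons := check_file(full):
                findings[os.path.relpath(full, root)] = reasons
    return findings

if __name__ == "__main__":
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Compressed formats such as photos and archives are high-entropy by design, which is why the entropy test is applied only to plain-text extensions; a hit is a prompt to investigate, not proof of infection.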
Response to a ransomware attack
Despite the best preventative measures, ransomware attacks can occur to anyone — including the Australian Government. Responding immediately can mitigate further damage, particularly if the infected device is part of a larger server.
- Disconnect all networks and external drives including internet, ethernet, and remote-access servers. The device should immediately enter ‘digital quarantine’.
- All infected or suspicious files should be reviewed by an IT professional. Ensure the system is completely safe before restoring any files that have been backed up.
- Consider notifying the relevant authorities including the ACCC and police.
Information is power and cybercriminals will go to any lengths to obtain valuable data. Back up your data, regularly update your security software and remain on the lookout for ransomware attacks.
Bridget is a writer and editor, currently living in Melbourne. She is a copywriter for Newpath Web and loves working with words of all shapes and sizes. When not playing around with punctuation and grammar, she enjoys travelling and curating her Spotify playlists.