Over the last few weeks, Sentrian have been called upon to help a number of victims recover from CryptoLocker ransomware attacks.
You, your business and other Australians are now being actively targeted for a ransom. Malicious software ('malware') like CryptoLocker, CryptoWall and other ransomware is no longer some far-off, looming threat. It has already successfully hit many Australian businesses with increasingly sophisticated attacks. Assuming you're not interested in paying thieves to recover what is rightfully yours, once infected your only course of action is to restore files from backup. It's time to know how to protect yourself!
1. Why is CryptoLocker, CryptoWall or any other ransomware dangerous?
Unlike other types of malware or scams, ransomware attackers will specifically target their victims. This means online scammers will craft their attack specifically to trick you into compromising your computer, often by sending emails from people or businesses that you regularly deal with. Ransomware is very direct and focuses solely on trying to get you to pay an amount of money, rather than installing behind-the-scenes software to steal your details over time. It's basically a virtual hold-up.
Ransomware works a lot like a phishing attack but is more aggressive. It covertly installs itself on your computer and then locks away, or encrypts, your essential data, preventing you from accessing it. When you try to open the encrypted data, you will instead be shown a webpage demanding payment for you to regain access. It will also warn that any attempt to decrypt the data will result in it being deleted.
Sometimes the page demanding payment will even try to look as if it is a legitimate business. It may even describe the payment as a purchase of 'decryption software' or include a 'Frequently Asked Questions' section. Don't be fooled by these attempts by the ransomware to appear as if this is a normal practice. Paying and giving over more of your information will only result in more issues and pain.
3. How it infects your computer
Ransomware typically tries to install itself through a scam email by asking you to click on a link, rather than opening an attachment. Recent attacks have been generally targeting Australians by pretending to be Australia Post, Telstra and ANZ Bank but they can go even further and target your business specifically. Here are some recent examples of what they try to get you to do:
- Print off a postage receipt (see image below) to collect an undelivered package from Australia Post
- Claim an unfulfilled refund or pay an outstanding bill from Telstra
Once ransomware infects your computer, it can infect any networked device, including cloud data services like Dropbox and OneDrive. This means if you share any drives or folders with other people and they get infected, your data can be encrypted by the ransomware too. That's why it's vital for you and anyone you share data with to understand how ransomware works.
4. What can I do to protect myself and my business?
Being sceptical or suspicious about unsolicited emails and dubious websites is the best approach. Even if you are expecting a package, have an unpaid bill or recently opened a bank account, look out for obvious errors in the email. Here are some quick tips:
- Hover over links instead of clicking them to verify their legitimacy.
- Access the legitimate service or website through your web browser, without clicking any links in the email.
- Look out for spelling mistakes, bad grammar and emails addressed to 'the customer' or just your email address instead of your name.
- Never download images or click on links from emails that were quarantined, even if you think they may be legitimate. Always verify or access their information by other means, for example, navigate to your online accounts directly through your browser.
- Don't rely solely on your anti-virus scanner. Some anti-virus software may struggle to identify dangerous links and may let some suspicious emails through.
- Even clicking unsubscribe links in emails can infect your machine. If you're sick of receiving emails or think they're suspicious, always place the unwanted emails in your spam folder.
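The "hover over links" tip can also be applied automatically to an email's HTML body. The following is an added example, not part of the original article: it flags links whose visible label shows one site while the real destination is another, or that name one of the brands mentioned above without pointing at that brand's domain. The brand-to-domain list, the function names and the sample email are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re
# Assumed allow-list for the brands the article names; extend it for your own suppliers.
BRAND_DOMAINS = {"australia post": ("auspost.com.au",),
                 "telstra": ("telstra.com.au", "telstra.com"),
                 "anz": ("anz.com.au", "anz.com")}
# Constructed sample email body (not a real message).
SAMPLE = """<p>Your parcel could not be delivered.
<a href="http://auspost.com.au.parcel-track.example/receipt">Print your Australia Post receipt</a></p>
<p>Track it at <a href="http://203.0.113.7/t">www.auspost.com.au/track</a></p>
<p><a href="https://www.telstra.com.au/my-account">Telstra My Account</a></p>"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(url):
    # urlparse only fills in hostname when the string contains "//"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
def under(host, domain):
    # True only for the domain itself or a real subdomain, not a look-alike prefix
    return host == domain or host.endswith("." + domain)

def suspicious_links(html):
    """Return (label, real_host, reason) for links whose label hides the destination."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, label = host_of(href), text.lower()
        shown = re.search(r"(?:https?://)?(?:www\.)?((?:[\w-]+\.)+[a-z]{2,})", label)
        if shown and not under(real, shown.group(1)):
            findings.append((text, real, "label shows a different site"))
            continue
        for brand, domains in BRAND_DOMAINS.items():
            if re.search(rf"\b{brand}\b", label) and not any(under(real, d) for d in domains):
                findings.append((text, real, f"mentions {brand} but leaves its domains"))
    return findings
if __name__ == "__main__": print(*suspicious_links(SAMPLE), sep="\n")
```

A check like this only supports the manual habit of reading the destination before clicking; a link that passes it can still be malicious.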
If your machine is compromised by ransomware, your backup is your last hope of accessing its data. Your backups should not be directly connected to your machines, otherwise they also run the risk of being encrypted by the ransomware. Best practice will have your backups done at regular intervals and stored off-site. Backing up your data is crucial to protecting your business generally.
The best defence is being aware. Please circulate this information to your colleagues to help reduce the risk of infection in your organisation.
If you suspect your network has been compromised by a CryptoLocker attack, please request support immediately.