A reminder to all Macquarie College staff and students to continue to be vigilant as Ransomware is about and has been found in small through to large businesses both nationally and locally, in many cases completely crippling the businesses computer systems with large amounts of lost data.
What is Ransomware?
Ransomware is a type of malware that infects and restricts access to a computer system and / or files until a ransom is paid to unlock it. Malware is a general term that refers to Viruses, Trojan, and Ransomware. The difficulties are that most new strains of Ransomware are very hard to prevent because they prey on a person giving permission to activate the malware.
How does Ransomware work?
Effectively it is the same scenario as if you applied a password to a file and then you forget that password. Anti-virus cannot stop this as it’s a standard system function but one that renders your file inaccessible. This is effectively what you are giving ransomware permissions to do. What makes it so hard to prevent is that new variants render traditional security methodologies useless by prompting the user of the system to initiate the malware. The person is inadvertently giving the malware permission to encrypt files, an action that your staff can do at any time. The issue, of course, is that it does so with a key that you don’t know, effectively rendering the file useless. Further it does this to any file that the affected staff member has access to on your entire network, potentially all files.
Ransomware typically infects through malicious email attachments such as zip files, word docs, pdfs or emails that are designed to look legitimate and include a link to a site that infects your computer. These emails often appear to be from reputable companies or organisations in order to trick the user into opening the attachment.
Essentially after the Ransomware variant enters your computer, it will encrypt all of your data files, from your Word documents to your photos, videos and pdfs. It will then demand a ransom in order to get them back.
The best way to stay protected is to be cautious when browsing unknown websites, opening files and attachments from unknown sources and avoid using free scan tools.
1. Do not follow unsolicited web links in email messages or submit any information to webpages in links.
2. Use caution when opening email attachments
3. Use caution when sharing usb drives with others from unknown systems
4. User current up to date systems and AV components
Does AV help protect me?
The purpose of Anti-virus systems is to stop malware entering your network. The issue with Ransomware is that the affected staff member is confronted with something that is not Malware and that staff member inadvertently gives permission for the Malware to enter the network and become active rendering security layers useless.
Effects of Ransomware infection
If your PC has been infected with ransomware you will be unable to open files and may receive a pop up window asking for a ransom to be paid. If this has happened you should turn off and disconnect your PC from the network immediately and let your ICT staff know immediately as this may result in the further shutdown of systems.
Can I get the files back?
The only way to get your files back is from a back up if you have one as the ransom release success rate is very low and is officially advised against by the AFP and IT Security companies.