1.0 Introduction
Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the victim's computer has been locked or that all of their files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100–$300, and cybercriminals sometimes demand the ransom in Bitcoin.
2.0 Impact
The authors of ransomware instill fear and panic in their victims, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware. Victims are shown messages similar to those below:
- “Your computer has been infected with a virus. Click here to resolve the issue.”
- “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
- “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”
Ransomware doesn’t only target home users; businesses can also become infected with ransomware, which can have negative consequences, including:
- Temporary or permanent loss of sensitive or proprietary information;
- Disruption to regular operations;
- Financial losses incurred to restore systems and files; and
- Potential harm to an organization’s reputation.
3.0 Recommendation
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
It is recommended that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- Maintain up-to-date anti-virus software.
- Keep your operating system and software up-to-date with the latest patches.
- Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
- Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
- Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
For further enquiries, please contact MyCERT through the following channels:
E-mail: [email protected] or [email protected]
Phone: 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my