Our technicians and infrastructure experts at New Zealand Technology Group have recently noticed a marked increase in activity of ransomware, a particularly malicious form of malware attack on computers.
Ransomware is delivered to its victims via emails disguised to look completely legitimate. The recipient is instructed to either click on a link or open an attachment which then releases the malware onto their computer. The malware then goes about encrypting files which renders them unreadable. Further instruction is delivered to the victim demanding money for the decryption codes.
How to recognise ransomware
Authors of ransomware are becoming more cunning and sophisticated in their methods to deceive, so it can be difficult to recognise at first. But there are often a few clues to look out for.
1. Give the email the “smell test”
Are you expecting documents from someone? Is it normal for you to get emailed attachments from the sender? Does everything match from the From Address to the contents? Do you know the sender?
If it doesn’t smell quite right, DON’T OPEN IT! If you’re thinking “I wonder what this document is,” DON’T OPEN IT!
2. Check the email address.
Does the From name match the email address? e.g. From: “Australia Post” <natalia@xxxx.tv>
If you receive an email that looks like it could be from within your company, does the email address match your company email format? The person might not exist or there may be numbers in the email address which can indicate a forged address.
e.g. From: Sabrina [mailto:Sabrina075@yourcompany.co.nz]
3. Check the attachment.
Look out for attachments that have an exclamation mark, or have any of the following file extensions: .cab, .com, .docm, .exe, .js, .vbs (note: this is by no means an exhaustive list, but certainly do not open any files with these extensions).
4. Check spelling and grammar.
A lot of ransomware is authored from non-English speaking countries, so there can be clues in bad spelling or poor sentence construction.
What to do if you suspect a dodgy email
1. DO NOT CLICK ON IT!
– this is by far the best way to avoid any further trouble!
2. Delete the email immediately
3. Call the sender to verify
– they can always resend if it is legitimate.
How to recognise if you have been infected
Ransomware is deliberately written to go about its job unnoticed. When you click on the link or open the attachment, nothing obviously untoward will happen. When you go to access your files is when you will start to see anomalies such as file names changed, or files are made up of random numbers and letters. You will also notice files such as “How To Restore”.
What to do if infected
1. Shut down immediately.
Unplug your computer and disconnect from your network. This will stop the malware from running and minimise the number of files that it can infect. Disconnecting from the network will also help protect files that reside on servers. The faster you can react, the less files that are at risk of damage. Keep it isolated from the network until it has been scanned and confirmed to be clean.
2. Seek expert help.
The process of cleaning up a ransomware infection can be complex, so call Horizon Pacific on 0800 485 465, or MedStar on 0800 200 241 and our expert technicians will assist you.
3. DO NOT PAY THE RANSOM!
This opens up a pathway to criminals who will continue to harass you. Oftentimes paying the ransom will not buy you the decrytion codes anyway.
Minimising the damage
Even with the best practices and technologies in place, there is always the risk of the worst happening. These people are very clever and extremely cunning.
To help mitigate any risk and ensure that your files can be restored, it is essential that your data is backed up regularly. This should be common practice regardless, but if you are not, then start immediately. Don’t wait to lose critical data before you realise the importance of regular back ups.
Back up everything, and back up often. You should be backing up daily at an absolute minimum. You should also backup offsite and/or to the cloud – backups to your local machine are no longer sufficient as the malware has the potential to encrypt your backups as well. Test your backups. Make sure you know how to retrieve your data.
Prevention is the best medicine
Whilst keeping your anti-virus software up to date will keep away most offending malware, it still won’t stop everything. Use more than one product to cast a wider net. Keeping your operating system and application software up to date is also important as they are regularly updating their security. Keep Administrator level logins separate from User logins and don’t email or browse the internet using an account with elevated privileges.
Most importantly, even if you think you’re tech savvy, enlist the help of professionals rather than trying to do everything yourself. Our technical teams have all the knowledge and expertise to assist with prevention, back up, restoration and clean up. Call Horizon Pacific on 0800 485 465, or MedStar on 0800 200 241