Can You Afford a $3000 Ransom?

You turn on your computer one morning only to be greeted by a screen stating that your computer is locked and unless you immediately pay perhaps thousands of dollars your computer will remain frozen and unable to perform any useful tasks.

You are being held to ransom!

The latest malware is called just that: Ransomware. It has now reached our shores and hackers are making a fortune from it. It is probably the most dangerous of all viruses; more about that shortly.

CERT Australia, the national Computer Emergency Response Team, has confirmed an increase in the volume of Ransomware targeting Australian organisations. They describe it as a type of malware (malicious software) that typically locks a victim’s computers and often also encrypts data on the system. A display screen usually follows that demands payment to unlock or decrypt the data. Two such attacks on businesses in Alice Springs were reported to the Northern Territory police on 21 September.

CERT advises that examples often include a fake warning claiming that the victim’s computer has been associated with criminal activity. For example, the extortionist may claim to be from the fake Anti Cyber Crime Department of Federal Internet Security Agency and that paying a fine immediately will unlock the computer and avoid further criminal proceedings.

This is an attempt to extort money. As with any extortion, you are advised not to pay.

The attackers are known to commonly use Microsoft Remote Desktop Protocol (RDP) as an entry point to your network, possibly using authentication credentials obtained by key loggers, or by accessing systems with weak credentials, meaning passwords and the like.

So why is it so dangerous? Let me describe just some of the possible consequences.

First, since you are required to pay a ransom you will have to do so by credit card.

That payment facility is provided on the “ransom screen”.

It is difficult to determine where your credit card information is going. This credit card information might be stolen by the hacker and then used against you, so watch your card account closely and report any nefarious transactions to your bank.

Instead of taking your computer hostage just once, ransomware will often infect your system multiple times. You might need to pay a recurring monthly fee in order to use your computer or the fee might escalate every day. Reportedly, claims may be for the immediate payment of $3000 with a further $1000 for each day the ransom remains unpaid.

Clearly, you should not be paying Ransomware anything in the first place, but if you do end up paying the ransom, it won’t be cheap. Obviously, the point of ransomware is to lock down the user’s computer to a point where it’s impossible to do anything except pay the ransom. That means you won’t be able to look on the Internet for solutions to your problem. Instead, you’ll have to access the Internet from another computer and figure out the best way to proceed.

It is possible your computer might not even be fixed after you pay the ransom: in some cases, the Ransomware will not release your computer at all. It might simply take your credit card payment and then demand more money. This is why it’s always a bad idea to give any information to a Ransomware program.

This now emphasises the need to do a full backup of your computer on a daily basis, particularly if it is your business workhorse. The backup should be to another computer and/or stored isolated and remote from the normal system in use. This is where cloud storage could well come into its own.

Similarly, all your software should be up-to-date. That means all your anti-virus protection, firewall, system files and indeed restore points. Preferably your whole system should be imaged as part of this backup.
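As an added illustration of the backup practice described above (this script is not part of the original article), the following Python example archives a folder to a separate backup location, writes a SHA-256 manifest beside the archive so that a restore can be verified against it, and reports whether the newest backup set is older than the daily limit. The folder names, the sample files created in the demonstration and the 24-hour limit are assumptions chosen for the example.

```python
"""Daily backup with an integrity manifest and a freshness check (example code)."""
import hashlib
import json
import tarfile
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

STAMP = "%Y%m%d-%H%M%S"  # timestamp embedded in each archive name


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(source_dir, backup_root, now=None):
    """Archive every file under source_dir into backup_root as a .tar.gz and
    write a JSON manifest of per-file SHA-256 hashes beside it."""
    source_dir, backup_root = Path(source_dir), Path(backup_root)
    backup_root.mkdir(parents=True, exist_ok=True)
    stamp = (now or datetime.now()).strftime(STAMP)
    archive = backup_root / f"backup-{stamp}.tar.gz"
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            manifest[rel] = sha256_bytes(path.read_bytes())
            tar.add(str(path), arcname=rel)
    manifest_path = backup_root / f"backup-{stamp}.manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive


def verify_backup(archive):
    """Re-hash every file inside the archive and compare with the manifest.
    Returns (ok, problems); problems lists mismatched, unexpected or missing files.
    Run this against the stored copy, not the live data, so a corrupted or
    tampered backup is found before it is needed."""
    archive = Path(archive)
    manifest_path = archive.with_name(archive.name.replace(".tar.gz", ".manifest.json"))
    expected = json.loads(manifest_path.read_text())
    problems, seen = [], set()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            seen.add(member.name)
            if expected.get(member.name) != sha256_bytes(data):
                problems.append(f"hash mismatch or unexpected file: {member.name}")
    for rel in expected:
        if rel not in seen:
            problems.append(f"missing from archive: {rel}")
    return (not problems, problems)


def newest_backup_age(backup_root, now=None):
    """Age of the most recent archive in backup_root, or None if there is none."""
    now = now or datetime.now()
    stamps = [
        datetime.strptime(p.name[len("backup-"):-len(".tar.gz")], STAMP)
        for p in Path(backup_root).glob("backup-*.tar.gz")
    ]
    return (now - max(stamps)) if stamps else None


def backup_is_fresh(backup_root, max_age=timedelta(hours=24), now=None):
    """True when a backup exists and is no older than max_age (daily by default)."""
    age = newest_backup_age(backup_root, now)
    return age is not None and age <= max_age


if __name__ == "__main__":
    # Constructed demonstration data: a small "business" folder and a separate backup folder.
    src, dst = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    (src / "ledger.csv").write_text("date,amount\n2013-09-21,3000\n")
    (src / "notes").mkdir()
    (src / "notes" / "todo.txt").write_text("check backups daily\n")
    archive = make_backup(src, dst)
    ok, problems = verify_backup(archive)
    print("archive:", archive.name, "| verified:", ok, problems)
    print("fresh within 24h:", backup_is_fresh(dst))
```

Scheduling make_backup once a day and verify_backup plus backup_is_fresh shortly afterwards turns the article's "daily backup" advice into something that fails loudly when the job silently stops running or when a stored archive no longer matches its manifest. Keeping backup_root on a separate machine or an offline drive, as the article recommends, is what stops the same Ransomware from encrypting the backups alongside the originals.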

How can you be infected? Here there is nothing very new. As stated above, it may be via RDP, some unfamiliar link clicked on in an email, or a malicious web site visited with your browser. It emphasises the desirability of a sandbox system or running on a VPN. These are things I have dealt with quite recently in a number of my articles. I have also stressed the importance of keeping your business computer for only that purpose and nothing else.

When this virus first surfaced it was suggested the safest browser to use was Chrome. Indeed it was, until earlier this year when, during the annual malware code competition, even that browser was shown to be susceptible to cracking.

By now you are asking the obvious: how to remove Ransomware?

Removing Ransomware might seem impossible, but it’s not. In fact, even computer users with only a basic knowledge of system security should be able to figure out how to remove a Ransomware infection from their computer. If you are comfortable diving into your computer, I suggest you do some reading on the web. There are quite a few sites with excellent options. I will let you decide which methods you would feel comfortable with. Just remember that this virus also comes in a variety of flavours, so be thorough in your investigations.

Here HitmanPro’s Force Breach Mode is a very useful tool that should be run from a thumb drive. Additionally, you may choose to use a bootable antivirus CD. There are many easily found resources available.

If you do not understand Safe Mode, Regedit or how to adjust your BIOS settings, get your computer guru to get you out of trouble. Just do not overestimate your own abilities; you may finish up having to re-format your hard drive, thereby losing all your files and having to re-install your operating system. I suggest that you start staying abreast of this kind of issue by subscribing to Stay Smart Online, which is a very user-friendly portal to CERT Australia. You will find it at www.staysmartonline.gov.au

CERT Australia offers additional information on mitigation for similar security risks; refer to the publications Strategies to Mitigate Targeted Electronic Intrusions and Defence in Depth Principles and Resilient Backups, available at:

http://www.staysmartonline.gov.au/information_service/advisories or direct from https://www.cert.gov.au/advisories

I hope you deal with this issue seriously and expediently. If you do find yourself caught, or suspect that you have been the victim of cyber crime, report it to the police immediately. Just remember the world is shrinking rapidly due to the diversity and power of everyday technology – tomorrow may be too late.

Arvo Elias
Cybercons
