Ransomware, the latest and greatest computer virus, holds your files hostage and demands you pay up. CryptoLocker, CryptoWall and TorrentLocker are becoming more and more prevalent; without preventative measures they leave the user with one choice: pay up or lose your data.
Interestingly, these types of attacks have been targeting Australians. Australia is the 6th most targeted country in the world for ransomware, with over 20 000 computers infected, including high-profile businesses such as ABC, Telstra and Energy Australia.
How it works: Ransomware generally enters your computer from an email attachment.
(Image courtesy of staysmartonline.gov.au)
The most recent ransomware phishing attack targeting Australian businesses uses CryptoWall 3.0.
In Australia, ransomware phishing has notably been disguised as Auspost failed parcel delivery emails and, as of last week, resume emails. The payload is generally attached as a .zip pretending to be a .pdf file; once executed, it installs a program on your computer which encrypts your data until you meet its demands.
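A mail gateway or help-desk triage script can check an attachment for the disguise described above: an archive presented as a PDF, carrying an executable. This is an added example, not part of the original article; the extension lists, function names and sample attachment are constructed for illustration.

```python
import io
import zipfile

# Constructed, non-exhaustive extension lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def _ext(name):
    """Lowercase final extension, ignoring trailing spaces and dots."""
    name = name.rstrip(" .").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def inspect_attachment(filename, data):
    """Return the reasons an email attachment looks like a disguised dropper."""
    findings = []
    claimed = _ext(filename)
    # Compare the claimed type with what the bytes actually are.
    if claimed == ".pdf" and not data.startswith(b"%PDF-"):
        findings.append("named .pdf but content is not a PDF")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if claimed != ".zip":
        findings.append(f"ZIP archive presented as {claimed or 'no extension'}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            ext = _ext(member)
            if ext not in EXECUTABLE_EXTS:
                continue
            # "Resume.pdf.exe" or "label.pdf   .scr": a document name padded
            # in front of the real, executable extension.
            stem = member.rstrip(" .")[: -len(ext)]
            kind = "double extension" if _ext(stem) in DOCUMENT_EXTS else "executable in archive"
            findings.append(f"{kind}: {member}")
    return findings


def build_sample_zip(members):
    """Build a harmless in-memory ZIP with the given member names (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for reason in inspect_attachment("Resume.pdf", build_sample_zip(["Resume.pdf.exe"])):
        print(reason)
```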
Determining which ransomware you have is important for understanding how best to deal with it. There are three different types:
Scareware:
(Image Courtesy of Pcworld.com)
Scareware poses as an anti-virus and demands payment to remove particular viruses it claims to have found on your computer. Scareware gets its name because the viruses it detects are fake; it uses a scare tactic to get you to pay up. Generally, this type of ransomware can be removed by following an online guide.
Lock-Screen Virus:
(Image Courtesy of Softpedia.com)
Lock-Screen viruses are generally full-screen windows that lock you out of your system. Imitating the AFP or another government agency, they demand payment of a fine which you have supposedly incurred by breaking the law through your browsing. These can generally be removed with an online guide and do not encrypt your data.
Encrypting Malware:
(Image Courtesy of venturebeat.com)
CryptoLocker, CryptoWall and TorrentLocker: these encrypt your data and demand payment in exchange for decrypting it. Encrypting Malware is the worst and most destructive type of ransomware. You either meet their demands or your data stays encrypted forever.
(Note: Certain ransomware imitates others. There have been many cases of programs pretending to be CryptoLocker that are in fact entirely different viruses.)
The Australian Government has stated:
“The major problem with encryption based ransomware is that once your computer has become infected, the only way to recover your files is from a clean backup (if the backup has not also been encrypted) or by receiving the encryption key from the scammers.” – StaySmartOnline.gov.au
We do not want to promote the growth of ransomware by suggesting that you comply with the attackers' demands, but for many people this is the only way to retrieve the data they need. Guides devoted to dealing with these new attacks share this opinion.
“In many ways this guide feels like a support topic on how to pay the ransom, which sickens me. Unfortunately, this infection is devious and many people have no choice but to pay the ransom in order to get their files back” – Ransomware Information Guide
If you are a victim of ransomware you should:
- Ascertain exactly which ransomware you have been infected by. There are many different ransomware programs and versions; CryptoLocker ver.1 can be removed for free.
- If you have Encrypting Malware that cannot be removed with a patch, you have three possible solutions:
  - Reformat your hard drive. Any data encrypted by the ransomware will be lost.
  - Store the encrypted data. There is a chance that in the future the private keys will be recovered by law enforcement agencies and made publicly available (this has happened for CryptoLocker ver.1).
  - Pay the ransom.
The last option should be used only as a last resort, and only if the encrypted data is needed and no backup exists. The reasons for this are:
- By agreeing to the criminals' terms you are further perpetuating the use of this scam.
- Although the data is restored in most cases, there is no guarantee that the criminals will decrypt your data after you pay the fee.
- Agreement to meet their terms could lead to you being extorted again in the future.
Australia's Stay Smart Online suggests the following guidelines to prevent ransomware attacks:
- Use spam filters and be cautious when opening emails, especially if there are attachments.
- Make sure you are using a reputable security product.
- Make sure it is up-to-date and switched on.
- Make sure your operating system and applications are up-to-date.
- Run a full scan of your computer—regularly.
- Set and use strong and unique passwords.
- Set passwords on all your hardware devices (modems and routers).
- Back up your data.
- Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.
- Only visit reputable websites and online services.
- Most up-to-date security software should identify and block ransomware.

