This ransomware information has been provided by CERT NZ.
Ransomware is a type of malicious software that denies a user access to their files or computer system unless they pay a ransom.
Ransomware can target anyone, from individuals and small businesses to large organisations like government departments and hospitals. It can prevent you using your computer by encrypting, or scrambling, your files so you can’t read them. The attacker will demand that you pay money — a ‘ransom’ — to get your files back. They’ll often ask for payment in an online currency like Bitcoin, which is harder to trace than regular cash.
The ransom is often quite small, to encourage people to pay it. The attacker will assume that it’s easier for you to pay the ransom than to get someone to fix the problem. But, it’s important to know that paying a ransom doesn’t guarantee you’ll get your data back. More often, the attacker will simply take your payment and leave your files encrypted.
The two main types of ransomware
- Crypto-ransomware encrypts your files with an unknown password. The password is randomly generated by the attacker to make it impossible for you to guess. You won’t be able to access your files until you pay the ransom and get the password to unlock them from the attacker.
- Lockscreen ransomware works by locking your computer or your files. A message will appear on your screen telling you that you need to pay a ransom before you get access back. You won’t be able to remove the message or access your desktop, your apps, or any of your files.
Ransomware can get into your computer in the same way that malware, or a virus, does. For example, this can be from:
- visiting unsafe or suspicious websites
- opening emails or files from someone you don’t know
- clicking on malicious links in social media, like Facebook posts.
If you’re affected by ransomware, there are ways to get your data back without paying the ransom. But the best thing you can do is understand how to prevent an attack in the first place.
Preventing a ransomware attack
Here’s what you can do to reduce the likelihood of a ransomware attack on your computer.
- Always update your operating system and your apps when new versions are available. You can set this up to happen automatically with Windows and a lot of other applications like Office.
- Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:
- do an ‘offline’ or ‘cold’ backup. Back up the data to an external hard drive and then remove the hard drive from your device
- do a cloud backup to Dropbox or a similar online hosting service.
- Install antivirus and anti-ransomware software on your computer if you don’t already have it, and update it regularly.
- Install a firewall on your computer to stop traffic from untrustworthy sources getting into your computer.
- Don’t enable macros in Microsoft Office.
- If you have your own business, make sure you keep your support contracts — with your antivirus provider or your firewall provider for example — up to date.
If you’re affected by ransomware
There’s a number of steps you can take to fix your computer if it’s infected by ransomware.
- Restore your system from your most recent backup.
- Reinstall your operating system if you don’t have a backup — but note that this may erase all of your files.
- Talk to your IT support person or a local computer services company if you need help with anything. They can:
- check to see if you have ‘real’ ransomware on your computer. Attackers sometimes install fake ransomware to scare people into paying them
- try to get rid of ransomware from your computer, depending on the type of ransomware it is
- restore your computer to its factory settings and rebuild it for you if they can’t get rid of the ransomware — this may also erase all of your files
- advise you on security to protect yourself in the future
- install security protection for you.
You can also consider paying the ransom, but be aware that paying it doesn’t guarantee that you’ll get your data back.
This information has been provided by the New Zealand Computer Emergency Response Team (CERT NZ).
Report an incident
If you’ve been affected by ransomware, you can report the incident to CERT NZ:
Visit the CERT NZ website to find out how CERT NZ use reporting information they receive.