What is Ransomware?
Ransomware is a kind of cyber-attack (scripting malware) that involves hackers taking control of a computer system or holding a victim's file, blocking access to it until a ransom is paid.
For cyber-criminals to gain access to the system, they need to get a type of malicious software downloaded onto a device within the network. This is often done by getting a victim to click on a link or download an attachment by mistake. When Ransomware is triggered, commonly used files such as user documents (Word/Excel), images, audio, videos, etc. are encrypted with strong encryption and are mostly irrecoverable.
This attack occurs locally or sometimes across the network (shared folders, mapped drives, etc.). Once the software is on a victim's computer, the hackers can launch an attack that locks all the files it can find within a network. This tends to be a gradual process, with files being encrypted one after another.
What will happen:
As Ransomware is scripting malware that keeps growing into a wide range of families and variants (Locky, Jigsaw, Wallet, WannaCry, etc.), it is hard for most antivirus software to detect quickly. In some cases, after the attack is triggered (user documents are being encrypted or locked), the source of the scripting malware will self-destruct.
Currently, the recovery of any data infected by Ransomware is extremely difficult. The best way to guard against Ransomware is to prevent it from happening.
Awareness / Prevention:
1. Protect your email with a reputable security suite
2. Avoid clicking embedded links, attachments, videos, etc. found in unverified emails
3. Do not download unknown or unverified software/scripts
4. Always back up your important files
5. Regularly update software, programs, applications
SYMPTOMS & ACTION
Below are examples of symptoms encountered when a machine is suspected of being infected by Ransomware.
1. Your files cannot be accessed or have been changed to a random extension (e.g. from ".doc" to ".uvwxyz")
2. A computer wallpaper or website prompt requests a ransom payment
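The first symptom can be checked for with a script. The example below is added here and is not part of the original page: it walks a folder and reports unfamiliar extensions that appear on several files whose contents look encrypted (byte entropy close to 8 bits per byte). The extension allowlist, the entropy threshold and the minimum file count are assumptions to tune for your own machines.

```python
import math
import os
import tempfile
from collections import Counter

# Assumptions (not from the page): expected extensions and tuning thresholds.
KNOWN_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                    ".jpg", ".png", ".mp3", ".mp4"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted data sits close to 8.0
MIN_FILES = 3            # same unknown extension on at least this many files


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def find_suspect_extensions(root: str, sample_size: int = 65536) -> dict:
    """Map each unknown extension to the high-entropy files that carry it."""
    hits = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if not ext or ext in KNOWN_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    sample = handle.read(sample_size)
            except OSError:
                continue  # unreadable or locked file: skip it
            if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                hits.setdefault(ext, []).append(path)
    return {ext: paths for ext, paths in hits.items() if len(paths) >= MIN_FILES}


if __name__ == "__main__":
    # Constructed sample data: three random-content files and one plain text file.
    with tempfile.TemporaryDirectory() as root:
        for i in range(3):
            with open(os.path.join(root, f"report{i}.uvwxyz"), "wb") as f:
                f.write(os.urandom(8192))
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("meeting notes\n" * 100)
        for ext, paths in find_suspect_extensions(root).items():
            print(ext, len(paths))
```

Compressed archives and some media formats also have high entropy, so a hit is a reason to investigate the machine, not proof of infection.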
Immediate actions to be taken:
1. Disconnect your machine immediately from the network (unplug LAN cable or turn off Wi-Fi)
2. Run a full virus scan on your machine
3. Do not plug in any removable media (pen drive or external hard disk)
4. Contact ACM QuickSupport at 62962910 (Option 2)
For more information, please contact our hotline at 62955962 or email us at firstname.lastname@example.org.