Public Service Announcement: Local Business attacked by Ransomware
On the 5th of July 2017, the Police Service received notice from a local company that their computer systems had been compromised by ransomware. The message for the victim was to pay $200,000.00 or be at risk of losing all computer information. The Police Service Technical Crimes Unit was able to work with the victim and prevent the computer systems from being lost.
What is Ransomware?
Ransomware is malicious software (malware) that aims to prevent access to or use of a computer unless a ransom is paid to unlock it. Often there is a limited amount of time to pay the ransom to prevent permanent loss of data. More sophisticated ransomware can propagate through a network and rapidly infect multiple computers, including servers. Programmers are constantly working to patch vulnerabilities in computer software that can be exploited by criminals hoping to extort people and companies.
How does it work?
A user can inadvertently give access to malware through email attachments and internet links, or by installing untrusted programs or pirated software. More current malware that has seen attention in the news around the world uses a process called cryptoviral extortion, which, simply put, means that the malware encrypts the data on your computer and will only provide the unlock code once the ransom is paid. Major corporations have reported being extorted for millions of dollars.
How do I protect myself?
Keep anti-virus programs updated, never open unknown email attachments, and be wary of links in emails from people or companies that you have had no previous contact with. Maintain the “least privilege” principle on company computers. This means that company computer users should have the minimum amount of access that is required to do their jobs. This can prevent users from inadvertently installing malware on their computers.
What do I do if my computer is infected with ransomware or other Malware?
Despite all the efforts of IT professionals and anti-virus companies, malware and ransomware still find ways into computers. Some malware can be removed by a skilled IT professional; other, more sophisticated malware is essentially impossible to remove without the unlock code due to its level of encryption. If your data is important, you should make periodic backups so that your computer can be restored easily. If one does decide to pay the ransom, which may vary from a few hundred dollars to millions of dollars, there is no guarantee of receiving the unlock code. Remember, these are criminals you are dealing with. The best practice is to maintain data backups.