Ransomware is a common and dangerous form of malware, or malicious software, that can steal data or cause damage to a computer or computer system.
Ransomware encrypts a target’s files so they can no longer be accessed. A ransom, usually in the form of a digital currency, is demanded to restore access to the files. Criminals may also threaten to leak or sell sensitive data or intellectual property if a ransom is not paid.
Ransomware can cause severe damage to both individuals and organisations. Affected businesses can face significant downtime, financial losses, and damage to their reputation.
The Australian Cyber Security Centre (ACSC) outlines what to look out for and how to protect yourself against a ransomware attack.
Red flags to look out for
Ransomware can infect your devices in the same way as other malware or viruses. For example:
- Visiting unsafe or suspicious websites.
- Opening emails or files from unknown sources.
- Clicking on malicious links in emails or on social media.
Common signs you may be a victim of ransomware include:
- Pop-up messages requesting funds or payment to unlock files.
- You cannot access your devices, or your login doesn’t work for unknown reasons.
- Files request a password or a code to open or access them.
- Files have moved or are not in their usual folders or locations.
- Files have unusual file extensions, or their names or icons have changed to something strange.
The importance of backups
If you don’t have your data backed up, it could be impossible to recover your files.
You can store backups using the cloud (which is like storing the data on the internet) or on physical media (such as external hard drives).
The ACSC provides valuable advice on backups including step-by-step guides for Apple iOS, Mac, and Windows devices.
The Ransomware Backup & Response Register is a template that can be used to record key information relating to how backups will be taken and who to contact in an emergency.
Other ways to protect yourself
Besides taking regular backups, the ACSC outlines other ways to secure your devices and stop ransomware attacks in its Ransomware Prevention Guide including:
- Regularly update your devices.
- Implement access control.
- Use anti-virus software.
- Turn on ransomware protection.
- Disable macros.
- Turn on multi-factor authentication.
- Use unique passphrases.
The guide also includes a Ransomware Prevention Checklist to confirm that you have taken the right steps to prevent a ransomware attack from happening or reduce its impact.
Never pay a ransom
Paying a ransom does not guarantee recovery of data, and only helps promote ransomware as a profitable criminal enterprise.
One key initiative of Australia’s Ransomware Action Plan is to educate industry, businesses and the community on how to respond to an incident, including clearly stating that the Australian government does not condone the payment of a ransom to cybercriminals.
How to respond to a ransomware attack
Besides being aware that a ransom should not be paid, it is important to know how to respond to a ransomware attack. In its Ransomware Emergency Response Guide, the ACSC outlines how to:
- Respond to a ransomware attack:
- Record important details (e.g. take a photo of the ransom note).
- Turn off and unplug the infected device.
- Disconnect your other devices.
- Change important passwords.
- Recover from a ransomware attack:
- Recover your information.
- Remove ransomware from infected drives and devices.
- Restore your information.
- Report the incident.
- Prevent future attacks.
This information is also summarised in a handy one-page guide.
Ransomware can cause significant harm to individuals and businesses. It is important to be aware of the red flags to look out for, and if impacted, never to pay a ransom. Taking regular backups and following other guidance from the ACSC will help to ensure a strong response to ransomware attacks, give you the best chance of recovering, and help to prevent future attacks.