Ransomware Attacks: how to mitigate and what to do if attacked

It’s important to be aware that malicious emails and compromised systems are the two most common types of cyber security incident. As so much of our lives is on our computers and online, we need to be careful with suspicious emails, especially when they carry an attached file or link. It can be devastating if a cyber-criminal gains access to your personal information and demands a ransom from you.

Firstly, what is a ransomware attack?

 

Ransomware is malware that requires the victim to pay a ransom to access encrypted files. These attacks can encrypt a person’s connected electronic devices, folders and files, making systems inaccessible. Ransomware attacks are quite common because they are low-cost and require minimal technical experience, and because organisations pay large ransoms to get their access and data back.

 


How common are they?

 

According to the Australian Cyber Security Centre (ACSC), the most common type of cyber security incident was ‘malicious email’ (27% of cyber reports). The second most common incident was a ‘compromised system’ (24% of cyber reports).

 

The highest number of cyber-attacks was reported by the Commonwealth, state and territory governments. This is due to their close working relationship with the ACSC and their willingness to report incidents. Australia’s critical infrastructure sectors, such as electricity, water, health, communications and education, reported around 35% of the incidents responded to by the ACSC.

How does it work?

 

The three most common ransomware attacks from cyber criminals are Emotet, Trickbot and Ryuk.

 

Emotet is malware that is delivered through phishing emails. It’s most commonly spread through attachments such as Word documents or PDFs.

 

When Emotet is activated, it commonly goes on to activate Trickbot. Trickbot infects a network and silently collects your user credentials and other information in your network.

 

Ryuk is ransomware that most commonly targets enterprise environments. It uses Emotet and Trickbot malware to gain initial access, and can then compromise your systems and encrypt almost all file types. Once a cybercriminal has successfully encrypted files, they will ask for a very high amount of money for the return of the files.

How can you minimise the risk of being attacked?

 

  • Be suspicious of any unusual emails with attachments and links. These attachments and links most likely contain malware that will be activated upon clicking.
  • Be suspicious of emails demanding personal information or urgent money requests.
  • Never give someone remote access to your computer.
  • Turn on two-factor authentication for essential services such as email, bank and social media accounts.
  • Update old passwords and don’t recycle passwords for multiple accounts.
  • Promptly update software, as cybercriminals are looking to take advantage of weaknesses in software.
  • Isolate regular data backups from the main network and the internet, to protect copies of important data and files you have.

What should you do if you are attacked?

 

In the event that you fall victim to a ransomware attack, the Australian Cyber Security Centre (ACSC) strongly advises not to pay the ransom demands. Paying the ransom demand not only encourages the cybercriminal market, but there is also no guarantee that you will get your data back. It is easier and safer to restore data from backups than to attempt to decrypt ransomware-affected files.

 

In the image below, the ACSC outlines how to report cyber incidents and provides resources that can help you in the event of a cyber-attack.


How can DataUp help?

 

DataUp can help with our mail protection service, which can help you avoid accidentally opening one of these encrypted files. DataUp’s mail protection services include:

  • Forwarding all clean and legitimate emails to you.
  • Holding spam emails. You will receive a spam report twice a day to be able to release these emails.
  • You will be provided with the reason why each email is blocked.
  • You are able to release spam and infomail into your inbox, but you are not able to release viruses.

 

DataUp also has an Offsite Backup service, to help you back up and recover all your important files. This service includes:

  • Automatic offsite backup of your data.
  • You choose when the scheduled backups take place.
  • The backup only transfers parts of the data that have changed, completing the backup faster.

If you or your organisation are looking for data security or email protection, get in touch with DataUp, and let our friendly team assist you.

 

Phone: (08) 7200 6081

 

Email:

Sales: enquire@dataup.com.au

Support: support@dataup.com.au

 


References:

Australian Cyber Security Centre 2020, ACSC Annual Cyber Threat Report, Australian Cyber Security Centre, viewed 20 October 2020, <https://www.cyber.gov.au/sites/default/files/2020-09/ACSC-Annual-Cyber-Threat-Report-2019-20.pdf>.

 

Merriam-Webster Inc. 2020, Ransomware | Definition by Merriam-Webster, Merriam-Webster Inc., viewed 20 October 2020, <https://www.merriam-webster.com/dictionary/ransomware#:~:text=Definition%20of%20ransomware.%20%3A%20malware%20that%20requires%20the,of%20a%20new%20class%20of%20threats%20called%20ransomware.>.