Ransomware is a virus that encrypts computer data, preventing access until a ransom is paid to the attacker.
Ransom demands can range from a couple of hundred to tens of thousands of dollars. Generally, the bigger the business, the higher the amount.
Ransomware is distributed in two main ways: malicious websites and malicious emails.
- Malicious websites are created to get users to interact with files, which are downloaded to the user's computer
- Once the user interacts with these files, their computer is infected with the ransomware
- Ransomware most commonly arrives in a carefully crafted email
- 93 per cent of all phishing emails are actually ransomware
- These emails trick users into performing certain actions which lead to a ransomware infection
- The actions include opening attachments or clicking on a link to a malicious website
After falling victim to a successful ransomware attack, the victim will be unable to access their data.
A pop-up will appear on the desktop notifying the victim that all their data has been encrypted and the only way to decrypt it is to pay a ransom.
The preferred payment method is through a digital currency, such as Bitcoin. Paying a ransom does not always result in getting the encrypted data back.
Anti-virus software can only do so much to prevent ransomware infections. It's up to you to do everything you can to reduce the chance of infection and the potential loss of both data and money.
Here are a few good practices to follow:
- Monash automatically patches our systems. If you're prompted to restart, do this as soon as possible
- Don't open emails from unknown sources and be wary of unsolicited emails that demand immediate action
- Do not click on links or download email attachments that are sent from unknown users or that seem suspicious. Even the more common .doc, .xlsx and .pdf files can contain ransomware
- Be wary of email attachments with these file extensions: .hta, .js, .exe, .tmp
- Many ransomware attacks occur through Word documents with embedded macros. Macros are disabled by default. If you receive a document requesting that you enable macros, be extremely cautious.
- When downloading files from the internet, run them through an antivirus scan
- Get into the habit of regularly backing up your data (especially at home). In the event that you get infected and lose your data, you'll have backups to fall back on.
If your computer has been infected:
- Contact the Service Desk immediately
- Disconnect your machine from the network to prevent spreading the infection to shared network drives.
- For home PCs, it's recommended to rebuild your entire PC and restore data from your personal backups.
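The attachment advice above (the file extensions to be wary of, and Word documents with embedded macros) can be checked automatically before a message is opened. The Python sketch below is an added example, not part of the original page or any Monash tooling; the function names and the sample message are made up for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page says to be wary of in email attachments.
RISKY_EXTENSIONS = (".hta", ".js", ".exe", ".tmp")


def has_vba_macros(payload: bytes) -> bool:
    """True if payload is an Office Open XML (zip) file with a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container; legacy .doc files are not covered


def triage_attachments(raw_email: bytes) -> dict:
    """Map each attachment filename to the reasons it deserves caution."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = []
        # endswith catches double extensions such as "invoice.pdf.exe".
        if name.lower().strip().endswith(RISKY_EXTENSIONS):
            reasons.append("risky extension")
        if has_vba_macros(part.get_payload(decode=True) or b""):
            reasons.append("contains macros")
        findings[name] = reasons
    return findings


def build_sample_email() -> bytes:
    """Constructed sample message; names and contents are made up."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please open the attachments immediately.")
    for data, name in ((b"placeholder", "invoice.pdf.exe"), (docm.getvalue(), "statement.docm")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()
```

Pass the raw bytes of a saved .eml file to `triage_attachments()`. An empty list of reasons only means none of these checks fired, not that the attachment is safe.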
Help and support
If you believe your account has been compromised, change your password immediately and contact the Service Desk.
When phishing attempts are reported to us, we'll block access to the fake site from our network and contact the host of the website to have it shut down.