Ransomware is a type of software that restricts access to a victim’s computer, data or files, and demands a ransom to be paid to the perpetrator in order for the files to be unlocked. Unlike other online scams, what makes ransomware so dangerous is how it targets recipients with personal information such as their full name, location, workplace and job description, to mislead unsuspecting internet users.In the Asia-Pacific region, Australia is one the most targeted countries when it comes to ransomware and this trend isn’t expected to slow down anytime soon. Some recent ransomware incidents include major Australian organisations such as Australia Post and the Australian Federal police being used as lures to target victims with a ransomware email, tens of thousands of computers being hit with the ransomware scam titled ‘Locky’, and more scams such as Cryptolocker, TorrentLocker, and TeslaCrypt. Despite ransomware becoming increasingly common, complex and threatening to individuals and businesses in Australia, there is still little understanding of best practices when facing a ransomware attack, and how to protect against ransomware. Furthermore, there are a lot of misunderstandings regarding whether ransoms should be paid in the face of an attack, which leads to further misinformed actions on what to do if a ransom is paid, if the data or files aren’t returned after payment, or how to report a ransomware attack and protect against future threats.
The dilemma
Many companies and victims are willing to pay to recover encrypted data, as the risk of losing important data and information could be catastrophic. However, the ethical problem with this is that, by doing so, they are funding the activities of e-criminals. i.e. There is the argument that if you give in and pay the ransom, you’ve directly contributed to the wellbeing of criminality. In many cases, it’s a purely economic decision: it’s cheaper to pay up than lose the data. There is also the risk, however, that even after paying these e-criminals, they might not give you the desired decryption key to unlock your files or anything else in return.
To pay or not to pay?
If companies don’t pay once they have been attacked, they will most likely not get their data back – sometimes there is an effective and free decrypter available, but the damage may already be done by the time this is used. Also, by not paying the scammer, they risk damaging the livelihoods of all staff, including those right at the bottom of the hierarchy who are generally less likely to survive any severe damage to their finances. Facing all these risks and more, it is important for companies to take active measures to avoid falling victim to ransomware scams, and instead invest in appropriate security and preventive measures to stop ransomware attacks before they start.
What can Australians do to protect themselves from ransomware attacks?
Internet users and businesses that don’t understand ransomware or how to be proactive in defending themselves against it, only become larger and easier targets for e-criminals. Companies and individuals need to invest in a structured and sophisticated security strategy to defend themselves against all sorts of cybersecurity threats, with ransomware being only one kind of threat that should be on their radar. Businesses should also try to create backup versions of data offline on a regular basis. This enables them to rely on a backup instead of paying e-criminals during a ransomware attack. Finally, businesses and individuals can:
- Show hidden file extensions to avoid being tricked by fake extensions such as ‘.PDF.EXE’
- Install a strong security solution capable of detecting and blocking new ransomware variants as they appear.
- Patch or update software as malware attacks often depend on vulnerabilities in outdated software