What is ransomware?
Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so you can no longer access them.
A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files. Cybercriminals might also demand a ransom to prevent data and intellectual property from being leaked or sold online.
The effects of ransomware
Ransomware can cause severe damage to both individuals and organisations. You could face significant downtime while you restore your devices and data to their original state.
If you don’t have a backup, it could be impossible to recover your files.
Downtime or data loss can hurt your reputation, and cost you money.
What to look for
Ransomware can infect your devices in the same way as other malware or viruses. For example:
- visiting unsafe or suspicious websites
- opening emails or files from unknown sources
- clicking on malicious links in emails or on social media.
Common signs you may be a victim of ransomware include:
- pop-up messages requesting funds or payment to unlock files.
- you cannot access your devices, or your login doesn’t work for unknown reasons.
- files request a password or a code to open or access them.
- files have moved or are not in their usual folders or locations.
- files have unusual file extensions, or their names or icons have changed to something strange.
Case Study: Ransomware attacks can be devastating, but backups protect what matters most.
How backing up saved a business from ransomware.
Ransomware can happen to anyone, anywhere, at any time, and for one business, it did. With assistance provided by the Australian Cyber Security Centre (ACSC), the business recovered from the attack, files intact and avoided months in downtime.
Gerri, who worked at a small design firm, noticed one morning they could not access a design file. The file extension was different and the icon was a blank page rather than the usual logo. Suspecting something, they raised it with their colleague Simon.
Simon decided to look at all the files on their server and noticed in real time that their files were being encrypted randomly, making them unusable.
“We actually caught it happening and then I pulled the plugs on everything and managed to save a lot,” said Simon.
A txt file titled ‘Read Me’ popped up – it was a note sent by a cybercriminal saying the files were encrypted with ransomware. The note demand a ransom in cryptocurrency to unlock them.
Simon took a screenshot of the ransom note and ran anti-malware and anti-virus on all their machines. He quickly called the Australian Cyber Security Hotline on 1300 CYBER1 to report the ransomware attack and seek advice about how to recover.
Luckily, the business was following ACSC best practice advice and kept regular backups of their work to cloud servers and external drives, as well as a Network Attached Storage device.
Due to Simon’s quick thinking and awareness, he was able to save the majority of their files; however, they lost some newer files that were encrypted by the ransomware.
The business consulted an IT professional, who reformatted their systems to ensure there was no trace of ransomware on their networks, as well as updated their anti-virus software.
Unfortunately, the encrypted files could not be recovered, taking the business an additional 2 weeks to recreate the lost work and to get all the systems back up and running.
“The downside was having to reload the software onto the systems, which took hours for some.” said Simon.
However, if it was not for the backups made prior to the attack, the situation could have been much more severe.
“Backup all your stuff daily… if it wasn’t for that we would have been stuck for months.” said Simon.
The ACSC has updated its ransomware guidance to help Australian individuals and businesses protect themselves and respond to a ransomware attack.
The ACSC is here to help all Australians impacted by cyber incidents. ACSC cyber security advice and assistance is available 24/7 through the Australian Cyber Security Hotline (1300 CYBER1) and through ReportCyber.
Never pay a ransom
There is no guarantee you will regain access to your information, nor prevent it from being sold or leaked online. You may also be targeted by another attack.
The practical guides below will help you to protect yourself against ransomware attacks and tell you what to do if you’re held to ransom.
If you get stuck
Call the Australian Cyber Security Centre 24/7 Hotline on 1300 CYBER1 (1300 292 371) if you need help, or contact an IT professional for assistance.
Our practical guides
Have you been hacked?
Find out what to do if you think you’re the victim of a cybercrime.
Protect yourself against ransomware attacks
A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.
What to do if you're held to ransom
This guide has simple steps to follow if you are a victim of ransomware. The first section will teach you how to identify ransomware and stop it from spreading. The second part will help you avoid another ransomware attack.