Ransomware and how it can affect YOU.

What does a Ransomware attack look like?
The usual way a person becomes infected with Ransomware is by inadvertently clicking on a “dodgy” link or installing rogue software from an untrusted website. Once Ransomware takes hold of your machine, it will begin to encrypt selected files on your device. These encrypted files cannot be recovered without a code purchased from the Ransomware creators, usually at a significant cost. After this happens, the malware prompts you to pay this fee, usually with a strict deadline before your files become unrecoverable. Ransomware typically uses strong encryption methods that make it impossible to get your files back without the original key, which only the Ransomware creators hold.

In summary, the Ransomware nasty is holding your files hostage and asking for a payment to unlock them, hence the name Ransomware.

Attackers usually only accept payments in the form of Bitcoin, providing an anonymous Bitcoin wallet address to send the payment to. One of the aspects of Bitcoin that is attractive to malware creators is that the currency doesn’t provide any method of recovering the funds, and all transactions are final. This means that the victim is powerless to retrieve any money paid even if they successfully recover their files, and the transaction is totally anonymous.

In Florida in June 2019, three government agencies were infected with Ransomware. In all three cases, the origin of the Ransomware was an employee opening an email attachment from a malicious sender. Once opened, the software is capable of traversing a person’s local network and spreading to other machines. In one of these cases, Lake City paid out $460,000 USD in Bitcoin to the attackers with no guarantee this would actually result in their files being restored.

What can you do to stay safe?
Make sure that email attachments come from someone who is trustworthy and that the attached file is something you would expect to come from them. Remember, if you don’t trust an email, please contact the ITS helpdesk on 4008 or forward your email to help@waikato.ac.nz, where one of our friendly consultants can verify its authenticity and safety.

Max Gernhoefer