September 2015, Issue 69

  

Beware of Ransomware
 

Centre for IT Services

Ransomware is a type of malware (malicious software) that restricts access to a computer system or files that it infects, and demands that the user pay a ransom to the operator of the malware in order to remove the restriction.

According to a Symantec April 2015 report, there were 8.8 million ransomware attacks in 2014 – more than double the 4.1 million attacks in 2013.

Ransomware is one of the nastiest forms of attack for victims. When the malware is downloaded onto your computer without your knowledge, cyber criminals (or hackers) use the malware to encrypt the data files on your hard drives, portable drives or network drives, and demand payment to unlock these infected files.

Once the files are infected with the malware, there is no guarantee that the files can be reinstated or accessed even after the ‘ransom’ demanded has been paid. The best way to recover the files after the infection is to restore from good file backup. 

 

Your computer can be infected if you have unknowingly downloaded the ransomware by:

  • Browsing at websites which may be infected with malicious contents
  • Clicking on hyperlinks or opening email attachments with malicious contents 

Here are some useful tips and control measures to protect your computer against ransomware:

  1. Ensure that your computer operating system is always installed with the latest system vulnerability patches.
  2. Ensure that your computer is well-protected with anti-virus software with the latest updates.
  3. Ensure that your applications are always up to date.
  4. Avoid surfing of unknown or untrusted websites.
  5. Be wary of unsolicited emails with attachments even if they are sent by people you know, as the sender could have already been infected with the malware.
  6. Do not use applications from non-reputable sources.
  7. Perform regular backup and save multiple backup copies of your computer files to a secured external device. 

NTU computers are equipped with TrendMicro OfficeScan anti-virus software. Below is an example of an alert/pop-up message from OfficeScan:

 

If you suspect your computer has been infected with ransomware or any other malware, please alert Service Desk-NSS (servicedesk@ntu.edu.sg) or CIRT (cirt@ntu.edu.sg).  Please do not attempt to shut down the computer, clean the malware on your own or delete/forward any suspected files.
 

More information
Beware of New Ransomware Phishing Emails - http://enewsletter.ntu.edu.sg/itconnect/2015-05/Pages/Crypt0L0cker.aspx
Ransomware 101: What, How, and Why - http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-101-what-it-is-and-how-it-works