Computer users are advised not to click on links or open attachments in uninvited or unexpected emails and be wary about the websites they visit as security researchers identify hazardous new versions of ransomware. They should keep regular backups of important files and store the backups in a location away from a network.
Ransomware is a type of malware that blocks access to computer files and forces the user to pay a ransom in order to release them. However, the FBI is reportedly investigating a particularly nasty version of ransomware known as Samas that attempts to encrypt files on computers across an entire network, rather than just individual computers.
As reported by Reuters, the FBI has warned businesses that the group behind Samas was utilising an automatic tool to find servers using an out of date version of popular software. They would then take advantage of a weakness in the software to install the ransomware remotely on computers connected to the network. The ransomware is also thought to delete backup files.
The most recent attack known as Petya is an email with a link to an infected file claiming to be a resume. Once downloaded and implemented, the malware crashes Windows and overwrites systems on the computer. A payment is demanded upon reboot. The ransom amount is doubled if the user does not pay by the deadline set by the criminals.
How to Stay Safe
If your computer has been infected by ransomware, you should update your system and restore the affected files from backup. I would suggest seeking technical advice if you are unsure about the next steps.
I don’t recommend paying any ransom demanded to decrypt files. There is no guarantee the attackers will give you a working decryption tool, and you are also not protected against future attacks.
You should also change all of the passwords and usernames on all computers, choosing strong passwords. Here is some advice on avoiding weak passwords.
If you would like to discuss your online security further please contact Multi IT & Telephony Solutions or phone 011 435 0450.