From: Get Cyber Safe
Ransomware is a form of malware that infects your computer or device. Cyber criminals will try to trick you into downloading ransomware by disguising links or downloadable files to look legitimate. Ransomware can be disguised as an attachment in a phishing message or even as a download on a website. Ransomware allows cyber criminals to infiltrate your systems and stop you from accessing your files or devices unless a ransom fee is paid. You’ll know if you have ransomware because cyber criminals will send you a ransom note stating your devices or data have been compromised and locked until the ransom request is paid.
Transcript
The internet is home to an infinite amount of great content.
There are videos of cats,
pictures of cats,
GIFs of cats,
(On screen text: me: Don't open that email from drake. also me: I should open it)
(On screen text: CUTE)
memes with cats in them, you name it —
(On screen text: change wallpaper to ‘cat_01_cute?”.)
lots of great stuff lives on the internet.
Unfortunately, there are also cyber threats out there that can prevent you from enjoying an endless stream of cat-based content.
(On screen text: MALWARE)
One of the most common cyber threats is malware:
(On screen text: VIRUS)
(On screen text: WORM)
malicious software created to cause damage to your data, device or network.
(On screen text: SPYWARE)
(On screen text: TROJAN HORSE)
There are many types of malware that serve lots of different purposes.
Ransomware is one of them.
(On screen text: RANSOMWARE)
Ransomware is pretty much what it sounds like - a type of malware that holds your data, devices or network for, well, ransom.
Ransomware locks your screen or encrypts your files and holds them hostage until you send money
(often in an untraceable digital currency like Bitcoin) to the attackers
Unlike some other types of malware, it’s very easy to tell if you have ransomware on your system.
(On screen text: Hello I’M RANSOMWARE)
(On screen text: “c:\threat message. We have all your files if you want them back transfer money to this account: url.2398hj2nk”)
That’s because it proudly announces itself - usually with a popup page explaining the terms of the ransom.
(On Screen text: “THERE HAS BEEN ILLEGAL ACTIVITY RECORDED ON YOUR DEVICE.”)
Sometimes ransomware messages look like they’re from law enforcement, saying your device is locked because you’ve done illegal things online.
This scare tactic is a lie to make people panic and react.
(On Screen text: How do you protect yourself?)
So how do you protect yourself?
Luckily, the steps to prevent malware are basic cyber safety measures you should be doing anyway, like
(On screen text: “new email.” “hello user YOUR ACCOUNT IS IN gEOPARDY dabsjdla(*&(@gmail.com”.)
keeping an eye out for phishing messages
(On screen text: “Update”)
making sure your OS and software are updated
(On screen text: “Antivirus, Filter, Firewall”)
using cyber security tools like antivirus software, spam filters and firewalls and frequently backing up your files offline.
(On screen text: Backing up)
When it comes to ransomware, this one is extra important.
(On screen text: “Click here for our newest deals” "Yes" "No" )
(On screen text: “YOUR ACCOUNT HAS BEEN COMPROMISED!” )
Being careful can prevent most malware on your device, but it only takes one click to get compromised.
If your device is infected with ransomware, don’t panic! Here’s what you can do to minimize the damage:
(On screen text: “Wrong Nope Stop Stop Disconnect!”)
First, disconnect all devices from your network as soon as possible.
Some ransomware can spread to other connected devices.
Next, report the attack to law enforcement and, if necessary, call an IT expert to help you remove the malware.
You should also do a bit of cyber security cleanup,
(On screen text: “Would you like to change your password?” “Would you like to update?” )
like changing your passwords and updating your devices.
(On screen test: DO NOT PAY)
(On screen text: SEND E-TRANSFER? no NO)
Most importantly: do whatever you can to avoid paying.
You could end up on a list of people and organizations known to pay ransoms, putting yourself at even more risk for repeat attacks.
If your files are backed up, it will be easier to restore your data without paying the ransom.
Ransomware can seem scary.
(On Screen text: “TIME TO BACKUP!”)
But being prepared for the worst-case scenario can make it a lot more manageable,
so you can quickly get back to doing what you love online.
(On screen text: getcybersafe.ca)
Visit getcybersafe.ca for more information and advice on all things cyber security.
There are two common types of ransomware:
- Lock screen ransomware, which displays an image and prevents you from accessing your computer
- Encryption ransomware, which encrypts files on your system’s hard drive that prevents you from accessing them
- This form of ransomware can also encrypt shared networks, USB drives, external hard drives and even some cloud storage devices
How do you get ransomware?
The most common tactic cyber criminals use to spread ransomware is deception. Like other forms of malware, ransomware can gain access to your system through links or downloading attachments or programs. Some of the most common methods cyber criminals use to trick their victims into downloading ransomware are through phishing messages and spoofed or malicious sites. Spoofed or malicious sites may appear to look legitimate but will contain malicious content that can corrupt your systems. In some cases, phishing messages can be disguised to look like they’re from your boss, an acquaintance or even your IT department. You should always validate email addresses, phone numbers and URLs if something seems suspicious before you download programs, follow links or open attachments.
How can ransomware affect my business?
Ransomware can affect your business significantly. No organization is too big or too small to become a victim of a ransomware attack. These attacks can happen anywhere at any time, regardless of whether you work at home or at a work location.
If your systems are compromised by a ransomware attack, your organization could be unable to perform business as usual. You could also lose important data if your systems aren’t backed up and your data isn’t stored in a secure environment. Cyber criminals will refuse to return your data or unlock your systems if you don’t pay a ransom. In some cases, they may even try to negotiate for more money. It is important to protect your organization to keep your information secure.
How can I protect my organization from ransomware?
You can protect your organization and sensitive information by securing your systems and network. The best way is to avoid clicking on suspicious links or downloading suspicious attachments. Ensure you and your employees recognize the signs of phishing and the importance of routinely backing up your data. Here are some other security measures to consider when securing your business from ransomware:
- Regularly back up your data
- Store sensitive data backups offline and offsite
- Enable automatic updates and system patches on all work devices
- Set up security tools including anti-virus software, a firewall, and a VPN on your organization’s devices and networks
- Ensure your staff is trained on best cyber security practices
- Create an incident response plan and practice ransomware simulations with your team for a smooth recovery
- Be aware and spread awareness on risks of ransomware attacks
How can I recover my systems and devices after an attack?
If your business falls victim to a ransomware attack, it’s best practice to never pay the ransom. There is no guarantee you will regain access after making the payment and it will leave your organization vulnerable to future attacks. You can take these steps to restore your systems and get back to business:
- Isolate the device that has been compromised
- Identify the type of ransomware through research or technical support
- Remove the ransomware with the help of technical support
- Reset and wipe all data from compromised and connected devices
- Update all the software and firmware on the systems
- Restore the device from the latest backup
- Run anti-virus scans
- Change passwords on any affected accounts including connected devices that could also be compromised
Following these steps, your organization should be back up and running accordingly with little down time.
How do I report a ransomware attack?
If you experience a ransomware attack, report it to the Canadian Centre for Cyber Security through My Cyber Portal or email contact@cyber.gc.ca. You should always report cyber attacks so the proper authorities can investigate the root of the attack. This also helps you to protect any sensitive information that may have been compromised.
You should also report ransomware to the Canadian Anti-Fraud Centre (CAFC) and your local police. Reporting malicious activity like ransomware can help protect your organization from future attacks and help other businesses from being compromised.
Conclusion
Ransomware is becoming an increasingly common threat to small- and medium-sized businesses and individuals, so it’s important to be aware and prepared. For more detailed and technical information pertaining to larger businesses of critical infrastructures and high-value data, please refer to the Ransomware playbook (ITSM.00.099).