Go to whole of WA Government search

RansomWare

ransomware_padlockRansomware

Scammers are holding computer users to ransom and the way they are doing it is really simple – through emails that encourage you to open an attachment.

You might think the attachment is a document but in fact it contains malicious software, or malware for short.

Next thing you know you’ll get a pop-up to tell you that you are locked out of your computer and that your files have been encrypted (coded in such a way that you can only view them if authorised to do so).

The scammers will ask for payment to let you back in and will set a deadline for the ransom to be paid by.

They may ask for payment by electronic voucher, wire transfer or sometimes they will be brazen enough to take money by bank transfer or credit card.

Do not pay the scammers.

We know it’s easy for us to say but the fact is they are scammers, so even if you pay, they may not unfreeze your computer and unlock your files. They could just ask for more money.

You can try to find an online solution. Recently a free decryption tool was developed to help computer users who had opened the well-known ransomware trojan called Cryptolocker. As more versions of ransomware emerge, further antidotes will no doubt be made available. However, the scammers constantly change the coding of their malware to outsmart the solutions offered by recognised computer security businesses, so it’s a vicious circle.

You could also speak to a local computer technician for assistance. Use someone reputable or who is recommended by friends or family and has a physical address of business. Avoid service providers that you find online who offer remote assistance services and are not based locally.

Think before you click

The best way to prevent ransomware attacking your computer, network and files is not to open attachments that could be infected, especially those from unknown senders. 

You can usually tell what type of an attachment it is with an email by the ending of the document name, known as the file extension. This can be seen by hovering over the attachment. Cryptolocker for example was disguised as a ZIP file with a PDF icon but the file extension ended in .EXE

If in doubt about an attachment do not open it, delete it. Even if it appears to be from someone you know personally and trust, their computer and/or email account could have been hacked. If you want to discuss doubts about an attachment from a known sender, do it offline e.g. over the phone or in person. 

Computer security 

You need to make sure your computer is protected with an up-to-date security system (firewall) anti-virus software, anti-spyware etc.

Also regularly back-up important files on to an external hard drive or consider cloud storage.

Think about what you have stored on your computer and the impact of losing it, particularly if you are using it for business as well as personal use.

Examples of ransomware

  • AFP computer seizure scam - a pop-up message claims your computer has been frozen by the Australian Federal Police and you need to pay a fine by Ukash.

  • Webcam blackmail scam – a photo is taken of you via your webcam and the pop-up requesting money features your photo to add credibility to the threat.

  • Australia Post Delivery Notification – an email tells you that you missed a parcel drop-off and need to collect the item. This is prevalent at Christmas-time.

  • Speeding fine – you receive an email from a debt recovery office for a supposedly unpaid fine.

You can also see a TV story about ransomware on our media section.

Pop-ups on phones or devices claiming they are locked until payment is made

WA ScamNet has received reports from people whose phones have been completely locked, or of internet pop-ups claiming that a device has been locked. 

Generally the advice is not to pay the money and to take the device to an approved repairer or the manufacturer to have it checked for malicious software, viruses etc.

If a consumer pays the ransom it is likely that the scammer will continue asking for money, perhaps claiming that the old problem was fixed but they have discovered a new issue.

The email address on the scam pop-up example, taken from an iPhone screen, is dodgy because Apple don't use Gmail. 

RansomwareiPhonescam

Summary:

  • Never negotiate with scammers and do not pay them as it’s likely they will come back for more money. 

  • If your computer is locked by scammers, use an alternative device to Google or YouTube search for a step by step process to unlock it. If that doesn’t work speak to a local computer technician. 

  • To avoid your computer being compromised in the first place never click links or attachments unless you 100% trust the source and have checked the file extension on any attachment. With links type the known url (web address) into your browser rather than clicking through as an extra safety precaution.

  • Keep your protection software like anti-virus, anti-spyware and firewall up-to-date and scan your computers/network regularly.

Fight back 

You can help raise awareness by sharing this warning with people you know. It’s easy to print the page and put it on a noticeboard or you can send it via email or social media. 

Page created: 5 December 2014