New ransomware threat for Australia: SSO Alert Priority High
9 September 2014
Researchers monitoring CryptoWall ransomware, a new and increasingly pervasive type of ransomware, have recorded almost 20,000 infected computer systems in Australia.
Ransomware is a type of malicious software, or malware, used to extort money from victims by preventing access to their computer or files.
Much like the recent CryptoLocker ransomware, CryptoWall and other emerging types of ransomware, such as TorrentLocker, encrypt files on your computer or network, rendering them useless unless you obtain the unlocking key by paying the ransom.
Both CryptoWall and TorrentLocker have been noted by researchers as targeting Australians.
Individuals and businesses are strongly advised to adopt the measures outlined below to prevent infection by such malware. Recovery of infected systems is virtually impossible without clean backups. Prevention is the best approach to any malware, particularly ransomware.
Ransomware has become an increasingly common type of malware in recent years.
The ways you may be infected can be complex but, in simple terms, they include infection via botnets and other malware, downloads via phishing messages, and visits to malicious websites.
Once on your computer, ransomware can encrypt your files. You are then sent a message demanding that a ransom be paid to regain access to your files.
Some less sophisticated types of ransomware (such as the recent police ransomware campaign) simply blocked access to your computer or pretended to lock your files. With careful action you can remove this ransomware and regain access to your files without paying the ransom.
More sophisticated ransomware like CryptoLocker and now these newer examples, CryptoWall and TorrentLocker, actually encrypt files on your computer. Without the encryption key you cannot access your files.
If you suspect your computer or network is infected by ransomware, you should seek technical advice immediately. Time is critical.
Growth of CryptoWall
Earlier this year authorities in Europe managed to take down a gang believed to be responsible for the majority of CryptoLocker attacks across the world. As a result, CryptoLocker attacks have declined, and many victims are also now able to recover previously locked files after encryption keys were recovered.
In its place has grown CryptoWall. A recent report on CryptoWall estimates that more than 625,000 systems have been infected worldwide. Australia was reported as being in the top six most targeted countries.
These newer ransom attacks appear to be new pieces of software, technically unrelated to CryptoLocker. Both CryptoWall and TorrentLocker employ more advanced encryption methods than CryptoLocker. Unfortunately, this means that the CryptoLocker file unlocker does not work for systems infected by TorrentLocker or CryptoWall.
It is important to note that for many victims, paying the ransom may lead to files being returned to normal. However, because you are dealing with criminals, you should be aware this is extortion and there are no guarantees you will regain access to your data. The criminals may not respond, they may increase their demands or they may attack you again. Unless you take preventative action, your computer will still have the same vulnerability that caused it to become infected in the first instance.
Regardless of the type of ransomware, the same precautions will help you avoid it.
Prevention is the best antidote to ransomware and other malware attacks.
Use spam filters and be cautious when opening emails, especially if there are attachments.
Make sure you are using a reputable security product.
Make sure it is up-to-date and switched on.
Make sure your operating system and applications are up-to-date and fully patched.
Run a full scan of your computer—regularly.
Set and use strong and unique passwords.
Set passwords on all your hardware devices (modems and routers).
Back up your data.
Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.
Only visit reputable websites and online services.
Most up-to-date security software should identify and block ransomware.
The major problem with encryption-based ransomware is that once your computer has become infected, the only way to recover your files is from a clean backup (if the backup has not also been encrypted) or by receiving the encryption key from the scammers.
If you have a clean backup of your data, you can use this to restore your files once you have re-established your system, free of infection.
You can also keep a copy of the encrypted files in case future events make decryption possible. As happened with CryptoLocker, authorities may take down these ransomware gangs in the future. It might become possible to obtain the encryption key for your data.
Technical information for system administrators on CryptoWall software is available at this website and in this recent report by Dell SecureWorks.
For TorrentLocker, technical information is available at this website.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.