Ransomware

Ransomware is a type of malicious software that can cause huge disruptions to businesses. Find out more through our top 10 questions and answers.

What is ransomware?

Ransomware is a type of malicious software that denies someone access to their files or computer system unless they pay a ransom.

Who can be targeted by ransomware attacks?

Ransomware attacks can happen to any size or type of business. They can target anyone working online, from individuals and small businesses to large companies and government organisations.

What are they trying to do?

Attackers are trying to illegally block access to systems and files that are critical to running a business. A successful attack can paralyse a business that is dependent on online resources.

Attackers will often ask for payment in cryptocurrency like Bitcoin, which is unregulated and difficult for authorities to trace. 

How do I know if I’ve been attacked?

The first sign of a ransomware attack is often a text file pop-up or a background appearing on your screen telling you that you need to pay a ransom before you can access your desktop, your apps, or any of your files.

How can ransomware get into my business?

Cyber attackers target systems that have open avenues for attack. This could be through someone clicking on a link or an attachment contained within an email, or an attacker could exploit a weakness in a network or software.

What impact can it have on my business?

Ransomware attacks can cause huge disruptions to businesses including loss of income, assets, productivity or customer trust and goodwill. Digital resources like customer orders, databases and payment schedules can be blocked or lost. Businesses are also likely to suffer extra costs to get back up and running normally.

What should I do if I suspect my business has been attacked?

There are a few steps to take to limit the damage of an attack and help recover from one. Depending on what resources you have available these could be done by yourself, an in-house IT resource or a local computer services company:

  • Get your network offline immediately. The faster you do this, the more you can contain the spread of the malicious software. You can do this by simply taking out network cables from your workstation and unplugging your wireless router.
  • Restore your system from your most recent backup or restore your computer to its factory settings and reinstall your operating system if you don’t have a backup — but note that this may erase all of your files.
  • Check to see if you have 'real' ransomware on your computer. Scammers sometimes only claim to have installed ransomware as a tactic to get you to pay them.
  • Identify and install any additional security protection measures necessary.

Who should I report a ransomware attack to?

If you or your business experiences a ransomware attack or another cyber security issue, you can report it to CERT NZ, either via our online reporting tool, or our contact centre 0800 CERT NZ.

CERT NZ reporting tool

What should my business do to prevent a ransomware attack?

Make sure you have hard copies of all important documentation in case you’re unable to access your system, and have a good response/recovery plan so your business can get back up and running. You should also take the following steps:

  • Make sure you and your staff know how to spot the danger signs of phishing campaigns.

Phishing

  • Regularly install updates on software and devices to prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
  • Implement two-factor authentication (2FA), which is usually a code that’s sent to your phone or an authentication app to verify your identity, in addition to using a password.

Two-factor authentication as a security tool for businesses

  • Back up business and customer data so if it’s lost or stolen you can recover it quickly. Backing up your data on an external hard drive or cloud service will enable you to access stolen data quickly.
  • Set up logs to record when particular actions are taken on your website and systems, and who’s done them. You will then be notified if any unusual or unexpected activity occurs.
  • Install antivirus and anti-ransomware software on your computer and update it regularly.
  • If you have support contracts with antivirus/firewall providers, make sure these are up to date too.
  • Don’t enable macros in Microsoft Office.

Should I pay a ransom?

CERT NZ strongly recommends people don’t pay ransoms. There is no guarantee that you’ll get your data back.

Even if the amount seems quite small in dollar terms, paying a ransom could put you at risk of further attacks, because if an attacker sees that you're willing to pay them, they could simply target you again.

If you do pay a ransom and receive your files back, it’s important you have the computer professionally inspected by an IT expert to determine if the attacker has planted any other malware on the computer, or created another way to access the computer and your data.

You should try and identify how the ransomware got onto the computer in the first place to prevent it from happening again.

Help and advice is available from CERT NZ through our online reporting tool, or our contact centre 0800 CERT NZ.

CERT NZ reporting tool

Read CERT NZ Incident Response Manager Nadia Yousef's spotlight on ransomware here.