Ransomware is a type of malicious software that denies someone access to their files or computer system unless they pay a ransom. This type of attack can target anyone, from individuals and small businesses to large organisations.
The first sign of a ransomware attack is often a text file pop up or a background, or that you are suddenly unable to access or open any files.
The attacker will then demand that you pay money ‘a 'ransom' to get your files back.
Ransomware can get into your computer in the same way that malware or a virus does for example, through a phishing campaign, which is a type of email scam.
There are steps you can take to recover from a ransomware attack but the best thing you can do is understand how to prevent an attack in the first place:
- Always update your operating system and your apps when new versions are available. You can set this up to happen automatically with Windows and a lot of other applications like Office.
- Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:
- Do an 'offline' or 'cold' backup. Back up the data to an external hard drive and then remove the hard drive from your device.
- Do a cloud backup to Dropbox or a similar online hosting service.
- Install antivirus and anti-ransomware software on your computer and update it regularly.
- Don’t enable macros in Microsoft Office.
If you’re affected by ransomware
- Restore your system from your most recent backup.
- Reinstall your operating system if you don’t have a backup, but note that this may erase all of your files.
- Report it to CERT NZ, either via our online reporting tool at www.cert.govt.nz/report, or our contact centre 0800 CERT NZ.
- Talk to your IT support person or a local computer services company if you need help with anything. They can:
- Check to see if you have 'real' ransomware on your computer. Scammers sometimes only claim to have installed ransomware as a tactic to get you to pay them.
- Restore your computer to its factory settings and rebuild it for you if they can’t remove the malicious software, this may also erase all of your files.
- Advise you on security to protect yourself in the future.
- Install security protection for you.
CERT NZ doesn’t recommend that anyone pay ransoms because there is no guarantee you’ll get your data back. Paying a ransom could also put you at risk of further attacks because if an attacker sees that you're willing to pay them they could simply target you again.