Ransomware and ransomware attacks

Security specialist

2024-09-18 00:00


Key points

  • Ransomware is a type of malicious software that, when it infects your device, may lock your files until you pay a ‘ransom’ – often cryptocurrency or a large sum of money.

  • From installing antivirus software to avoiding suspicious links, there are several things you can do to help protect yourself against ransomware attacks.

  • Changes to your files and malicious messages appearing on your screen could be signs of a ransomware attack.

Imagine receiving an unexpected email from a company you have never purchased from. The message urges you to click on the link for a discount code, and if you are curious, you might click on the link.

Instead of making the most of the online shop’s offerings, you’ve accidentally installed software that locks up your files and denies you access. When you try opening a file, a message may appear on your screen: ‘Pay a ransom, and you can access your files again!’. So, what do you do here? Would you pay the ransom – even though there’s no guarantee you will regain access to your files once you’ve paid it?

This type of scenario can happen to anyone. In fact, according to the Australian Signals Directorate, one in ten reported cybercrime incidents between 2022 and 2023 were ransomware attacks.[1] Knowing how to protect your devices and what to look for could make a significant difference.

That’s why we’re here with the facts on ransomware so you might better protect your files. 

 

What is ransomware?

In its simplest form, ransomware is a common type of malicious software (malware). When the ransomware is installed on your device, it can lock your files and often block access to your computer systems or network so you can’t access them.[2] The cybercriminals do this by encrypting your files or remotely locking you out of your own operating system.

Once the ransomware has locked up your files and compromised your system access, you might receive a pop-up message from a cybercriminal demanding a payment (the ransom). This can look different depending on the type of ransomware or perpetrators of the attack, but it will generally be designed to look like a common software error message or simple text and a countdown clock. Either way, it will cover the screen with directions to pay them money to ‘unlock’ your computer.

Once you pay (often through cryptocurrency transfer),[3] the cybercriminal might promise to reinstate access to your files by providing a decryption key to unlock the device. This may not happen, and paying a ransom doesn’t guarantee you’ll get everything back.

Cybercriminals may also promise to stop sensitive information and customer details (in the case of a business malware attack) or your personal information (in the case of a personal malware attack) from being distributed online after they receive your ransom. Remember, there is no guarantee that cybercriminals will be faithful to their word, so you should never pay a ransom before contacting the appropriate authorities.

 

How can ransomware affect you?

As ransomware locks up your files, restoring your devices and data will take some time. If you don’t have backed-up data, it might be impossible to recover your files. For business owners, a ransomware attack might disrupt your daily operations and hurt your reputation.

However, you can help protect your files, photos, and business by taking steps to stop ransomware attacks before they occur.

Ransomware can enter your systems through:

  • Clicking on a link or downloading an attachment that was in an email, phone message, or private message on social media.

  • Visiting a malicious website that downloads ransomware without your knowledge.

  • Clicking on a malicious link in a social media post that installs the ransomware onto your device.

  • Apps you download onto your phone, computer, or tablet that come from untrusted sources, such as downloading an app through a message or from a website that isn’t an official app store.

  • Inserting an infected USB into your device.

Cybercriminals might use ransomware to find and use your personal information and photos to extort you.

Consider this case study from the Australian Signals Directorate (ASD):

While working at their design firm, a staff member noticed a file looked different (the icon was black, and the extension had changed), and they could not open it. After alerting a colleague, they watched other files become encrypted before their eyes. Next, a message popped up that said, ‘Read me’, and in it were demands from a cybercriminal to pay a ransom. Luckily, with help from the ASD and the Australian Cyber Security Centre (ACSC), the business could retain its files, and it didn’t have to pay the ransom. 

 

How to help protect yourself from a ransomware attack

  1. Be wary of unexpected text messages, calls, or emails. If someone pressures you to open a link or download a file, it might be a scammer or a ransomware attack. Above all else, don’t open any links or files that are sent to you out of the blue.

  2. Turn on automatic updates on all your devices. This may help strengthen any weaknesses in your device, which might reduce the likelihood of cybercriminals accessing your files or device.

  3. Use antivirus software to help prevent, detect, and remove any ransomware on your device. Your device may have antivirus software already installed, but it is wise to purchase additional security if you want the extra protection.

  4. Back up your data regularly. You can make a copy of your files, like important documents or photos, and save them on a physical storage device (like a hard drive) or an online storage solution (often called ‘the cloud’). Should you experience a ransomware attack, knowing you can restore your files afterwards can give you some peace of mind.

  5. Activate multi-factor authentication (MFA) on all devices and accounts. This extra layer of security can make it difficult for cybercriminals to get what they want.

  6. Be strict about access control on your applications and devices. You can control who can access your device’s apps and data through your phone and computer settings, reducing the likelihood of cybercriminals getting onto your device. For example, a computer might have an ‘administrator’ account, which might have more control over the device than other accounts, or you can check your phone’s app permissions through the settings to ensure it can’t access anything unrelated to its function like your files, photos, contacts, or location.

  7. Consider restricting your employees’ user access ability (permissions) to install and run unwanted software applications. Ensure that your employees can only access the data, resources, and apps they need to do their job. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.

  8. Configure your ‘macro’ settings so they are not enabled in email attachments. Macros are powerful tools for improving productivity, but cybercriminals can use them to compromise your systems. If you use Microsoft Office, you can learn more about how to do this here.

 

How to tell if your device might be under a ransomware attack

  • Antivirus software and your backup system have been removed or disabled before your files become locked.

  • Critical files, such as documents containing personal information or photos, become locked. This means you can’t open them or move them to a different location on the device.

  • Some or most of your files might have a different extension – the three or four letters after the file name that represent its file type. For example, a Word document usually has a file extension of ‘.doc’ or ‘.docx’, but a corrupted file might have something else.

  • You might receive a ‘ransom’ note from the cybercriminal. This note pressures you to pay the ransom to access your files or protect your information from being sold or misused. Never, ever pay this ransom – you can’t guarantee that you will get access to your information or stop the cybercriminal from distributing it online. Instead, contact the police and seek help from the agencies listed below.

 

How to recover from a ransomware attack

If you’ve experienced a ransomware attack, here’s what you might do to recover from it:

  • Take detailed notes of the attack and what was affected. This includes listing any files that were deleted or have a new extension, screenshotting or noting the details of the ransom note, and anything else that’s changed since the ransomware attack. This can help authorities in a potential investigation.

  • Turn off and unplug the device that had the ransomware on it. This might help prevent the ransomware from spreading to other devices.

  • Disconnect other devices on the same Wi-Fi or server, as the ransomware might spread across the network.

  • Change all passwords, as some ransomware might steal them.

  • If you’ve shared financial information or transferred money, contact your bank immediately. If you’re an ANZ customer, contact us immediately to report the fraud.

  • If you shared credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.

  • If you’ve transferred money or paid the ransom, the Australian Government Department of Foreign Affairs and Trade (DFAT) recommends that you immediately contact the Australian Sanctions Office (ASO) and report it to the appropriate authorities, such as Scamwatch and ReportCyber.
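The file-level signs described earlier (new extensions, files that have disappeared, a ‘Read me’ note) and the note-taking step above can be gathered with a short script. This is an added example, not part of the original article: it assumes you have a list of file names from before the incident (for example, from a backup), and the function names, sample files and the ‘.locked’ extension are constructed for illustration.

```python
import os
import re
import tempfile

def list_files(root):
    """Return every file under root as a path relative to root."""
    found = set()
    for folder, _dirs, names in os.walk(root):
        for name in names:
            found.add(os.path.relpath(os.path.join(folder, name), root))
    return found

def triage(baseline, root):
    """Compare a pre-incident file listing (baseline) with what is on disk now."""
    current = list_files(root)
    new_files = current - baseline
    report = {"new_extension": [], "missing": [], "possible_notes": []}
    for old in sorted(baseline - current):
        stem = os.path.splitext(old)[0]
        # Same name with a swapped extension (a.docx -> a.xyz) or an
        # appended one (a.docx -> a.docx.xyz) counts as a new extension.
        match = [n for n in new_files
                 if os.path.splitext(n)[0] in (stem, old)]
        if match:
            report["new_extension"].append((old, sorted(match)[0]))
        else:
            report["missing"].append(old)
    renamed = {new for _old, new in report["new_extension"]}
    for name in sorted(new_files - renamed):
        # Assumption: the note is named like the 'Read me' message in the
        # case study; a harmless README would also be listed for review.
        flat = re.sub(r"[^a-z]", "", os.path.basename(name).lower())
        if "readme" in flat:
            report["possible_notes"].append(name)
    return report

def demo():
    """Build a constructed folder that mimics the signs listed above."""
    with tempfile.TemporaryDirectory() as root:
        baseline = {"invoice.docx", "photo.jpg", "plan.xlsx"}
        for name in ("invoice.docx.locked", "photo.locked", "READ_ME.txt"):
            with open(os.path.join(root, name), "w") as handle:
                handle.write("constructed sample")
        return triage(baseline, root)

if __name__ == "__main__":
    print(demo())
```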

 

Who to contact if you experience a ransomware attack


Stay cyber-smart on all devices

We want all Australians to feel confident and safe when using their devices. With handy tips and tricks that are simple to follow, the ANZ Security Hub is your one-stop shop for protecting yourself and your devices from cybercriminals.


 

The information set out above is general in nature and has been prepared without taking into account your objectives, financial situation or needs. Before acting on the information, you should consider whether the information is appropriate for you having regard to your objectives, financial situation and needs. By providing this information ANZ does not intend to provide any financial advice or other advice or recommendations. You should seek independent financial, legal, tax and other relevant advice having regard to your particular circumstances.

References

1. Australian Signals Directorate, ASD Cyber Threat Report 2022–2023, 2023.

2. Australian Cyber Security Centre, Ransomware prevention guide, 2022.

3. Australian Government, Ransomware action plan, 2021
