Key points
- Ransomware is a type of malicious software that, when it infects your device, may lock your files until you pay a ‘ransom’ – often cryptocurrency or a large sum of money.
- From installing antivirus software to avoiding suspicious links, there are several things you can do to help protect yourself against ransomware attacks.
- Changes to your files and malicious messages appearing on your screen could be signs of a ransomware attack.
Imagine receiving an unexpected email from a company you’ve never bought anything from offering a discount. You’re curious, so you click the link. Ransomware silently installs - locking your files and demanding payment to restore access.
Even if you pay, there’s no guarantee your data will be restored.
Ransomware attacks like this can happen to anyone. That’s why it’s crucial to understand how ransomware works, take steps to protect your devices and know how to recover if you have already been impacted.
We’re here with the facts on ransomware so you might better protect your personal and financial information.
What is ransomware?
In its simplest form, ransomware is a common type of malicious software (malware). When the ransomware is installed on your device, it can lock your files and often block access to your computer systems or network so you can’t access them.1 The cybercriminals do this by encrypting your files or remotely locking you out of your own operating system.
Once the ransomware has locked up your files and compromised your system access, you might receive a pop-up message from a cybercriminal demanding a payment (the ransom). This can look different depending on the type of ransomware or perpetrators of the attack, but it will generally be designed to look like a common software error message or simple text and a countdown clock. Either way, it will cover the screen with directions to pay them money to ‘unlock’ your computer.
Once you pay (often through cryptocurrency transfer),2 the cybercriminal might promise to reinstate access to your files by providing a decryption key to unlock the device. This may not happen, and paying a ransom doesn’t guarantee you’ll get everything back.
Cybercriminals may also promise to stop sensitive information and customer details (in the case of a business malware attack) or your personal information (in the case of a personal malware attack) from being distributed online after they receive your ransom. Remember, there is no guarantee that cybercriminals will be faithful to their word, so you should never pay a ransom before contacting the appropriate authorities.
How can ransomware affect you?
As ransomware locks up your files, restoring your devices and data will take some time. If you don’t have backed-up data, it might be impossible to recover your files. For business owners, a ransomware attack might disrupt your daily operations and hurt your reputation.
However, you can help protect your files, photos, and business by taking steps to stop ransomware attacks before they occur.
Ransomware can enter your systems through:
- Clicking on a link or downloading an attachment that was in an email, phone message, or private message on social media.
- Visiting a malicious website that downloads ransomware without your knowledge.
- Clicking on a malicious link in a social media post that installs the ransomware onto your device.
- Apps you download onto your phone, computer, or tablet that come from untrusted sources, such as downloading an app through a message or from a website that isn’t an official app store.
- Inserting an infected USB.
- Session hijacking, where a cybercriminal intercepts your online session to gain access to your device, systems, or data.
Cybercriminals might use ransomware to find and use your personal information and photos to extort you.
Consider this case study from the Australian Signals Directorate (ASD):
While working at their design firm, a staff member noticed a file looked different (the icon was black, and the extension had changed), and they could not open it. After alerting a colleague, they watched other files become encrypted before their eyes. Next, a message popped up that said, ‘Read me’, and in it were demands from a cybercriminal to pay a ransom. Luckily, with help from the ASD and the Australian Cyber Security Centre (ACSC), the business could retain its files, and it didn’t have to pay the ransom.
How to help protect yourself from a ransomware attack
- Be wary of unexpected text messages, calls, or emails. If someone pressures you to open a link or download a file, it might be a scammer or a ransomware attack. Above all else, don’t open any links or files that are sent to you out of the blue.
- Turn on automatic updates on all your devices. This may help strengthen any weaknesses in your device, which might reduce the likelihood of cybercriminals accessing your files or device.
- Use antivirus software to help prevent, detect, and remove any ransomware on your device. Your device may have antivirus software already installed, but it is wise to purchase additional security if you want the extra protection.
- Back up your data regularly. You can make a copy of your files, like important documents or photos, and save them on a physical storage device (like a hard drive) or an online storage solution (often called ‘the cloud’). Should you experience a ransomware attack, knowing you can restore your files afterwards can give you some peace of mind.
- Activate multi-factor authentication (MFA) on all devices and accounts. This extra layer of security can make it difficult for cybercriminals to get what they want.
- Be strict about access control on your applications and devices. You can control who can access your device’s apps and data through your phone and computer settings, reducing the likelihood of cybercriminals getting onto your device. For example, a computer might have an ‘administrator’ account, which might have more control over the device than other accounts, or you can check your phone’s app permissions through the settings to ensure it can’t access anything unrelated to its function like your files, photos, contacts, or location.
- Consider restricting your employees’ user access ability (permissions) to install and run unwanted software applications. Ensure that your employees can only access the data, resources, and apps they need to do their job. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Configure your ‘macro’ settings so they are not enabled in email attachments. Macros are powerful tools for improving productivity, but cybercriminals can use them to compromise your systems. If you use Microsoft Office, you can learn more about how to do this here.
Signs of a ransomware attack
If your device is under a ransomware attack, you may notice several alarming signs:
- Antivirus and backup systems disabled. Your antivirus software or backup solution may be removed or turned off before your files are encrypted.
- Important files are locked or inaccessible. Personal documents, photos, and other critical files may suddenly become locked. You won’t be able to open, edit, or move them.
- File extensions have changed. Many of your files might have unfamiliar extensions. For example, a Word document normally ends in .docx, but ransomware may rename it to something like .zzz or .encrypted.
- You receive a ransom note. A message may appear demanding payment to unlock your files or prevent your data from being leaked or sold. This is a scare tactic used by cybercriminals to pressure victims into paying.
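For readers comfortable running a script, the file-related signs above can be checked across a folder. This is an added example, not ANZ's code: the extension list, the "read me" name pattern and the entropy threshold are assumptions, and a match is a prompt to look closer rather than proof of an attack.

```python
import math
import os
import re
from collections import Counter

# Assumption: extensions expected on ordinary user files in the scanned folder.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}
# Assumption: ransom notes often carry a "read me"-style name.
NOTE_RE = re.compile(r"read[\s_-]?me", re.IGNORECASE)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted content approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(root: str, threshold: float = 7.5) -> dict:
    """Walk root and group file paths by the warning sign they match."""
    findings = {"renamed": [], "high_entropy": [], "ransom_note": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            inner = os.path.splitext(stem)[1].lower()
            # A familiar extension buried under an unfamiliar one,
            # e.g. budget.docx.encrypted
            if inner in KNOWN_EXTS and ext not in KNOWN_EXTS:
                findings["renamed"].append(path)
            if NOTE_RE.search(stem):
                findings["ransom_note"].append(path)
            if ext in KNOWN_EXTS:
                continue  # compressed formats (.jpg, .docx) are high-entropy anyway
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            # Unfamiliar extension plus random-looking bytes, e.g. report.zzz
            if entropy(sample) > threshold:
                findings["high_entropy"].append(path)
    return findings
```

Run it against a copy or a read-only mount of the affected folder so the files that investigators may need stay unchanged.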
How to recover from a ransomware attack
If you’ve experienced a ransomware attack, here’s what you might do to recover from it:
- Take detailed notes of the attack and what was affected. This includes listing any files that were deleted or have a new extension, screenshotting or noting the details of the ransom note, and anything else that’s changed since the ransomware attack. This can help authorities in a potential investigation.
- Turn off and unplug the device that had the ransomware on it. This might help prevent the ransomware from spreading to other devices.
- Disconnect other devices on the same Wi-Fi or server, as the ransomware might spread across the network.
- Change all passwords, as some ransomware might steal them.
- If you’ve shared financial information or transferred money, contact your bank immediately. If you’re an ANZ customer, contact us immediately to report the fraud.
- If you shared credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
- If you’ve transferred money or paid the ransom, the Australian Government Department of Foreign Affairs and Trade (DFAT) recommends that you immediately contact the Australian Sanctions Office (ASO) and report it to the appropriate authorities, such as Scamwatch and ReportCyber.
Who to contact if you experience a ransomware attack
- Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.
- Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.
- For phishing or identity theft associated with government accounts such as Centrelink, Medicare, or Child Support, contact the Services Australia scams and identity helpdesk on 1800 941 126 or visit their website.
- You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
- Contact your bank immediately if you have shared personal or financial information.
- If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us.