Hackers demanding payment in return for unlocking files.
A new wave of ransomware is attempting to extort money from Kiwis in exchange for returning access to their computer files.
Netsafe has received seven reports over the last week of a new type of ransomware virus locking up the computers of both home users and small businesses in New Zealand.
Ransomware encrypts the files on your computer using a powerful algorithm and demands payment, usually by a certain date.
The new version is displaying as Anti Child Porn Spam Protection 2.0 and in some cases uses the New Zealand Police logo.
Netsafe’s digital project manager Chris Hails said the average amount demanded was half a bitcoin, which is currently worth about $NZ350. However, one of the recent cases came with a demand for $3000.
“It can affect anyone, from a 74-year-old woman like we had last week, all the way up to a business with 500 staff,” Mr Hails said.
While Netsafe didn’t encourage paying money to those behind the ransomware, it acknowledged it was the only option in some cases and some people have had success decrypting their files by paying the demand.
Mr Hails said Kiwis needed to take preventative steps to keep computer systems “patched”, by updating operating systems and applications, and by using a modern browser for surfing. Users should also ensure data back-ups were working. Anti-virus software would also help prevent common forms of ransomware.
An attack usually occurs after the user clicks on an email attachment or visits an affected website.
“It’s pretty nasty. With a normal virus you can keep using your computer, it may slow it down but you can clean it up with virus protection,” Mr Hails said.
If an attack does occur, Mr Hails recommended taking the computer to a technician, who could try and restore the system, clean up and wipe the hardware, and reinstall Windows and the data affected.
Android and Mac devices can also be attacked, but so far in New Zealand affected Macs have only got the less serious browser-locking version and Androids haven’t been hit.
How can I defend against ransomware?
Most forms of this malware are detected by anti-virus programmes so it pays to have up-to-date software on your computer.
Make regular routine backups in case your computer cannot be cleaned and you need to undertake a system restore or rebuild.
Check Microsoft Security Bulletins and ensure your systems are fully patched against known vulnerabilities.
Use Netsafe's free downloadable computer security checklist to stay secure online.
Tell colleagues, friends and family who could be at risk of a ransomware infection.
What to do if your computer is infected
Disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection.
Disconnect any USB storage devices or network shares and turn off any cloud backup services you may use such as Dropbox or Office 365.
Some people affected have paid the ransom to have their computer unlocked – but NetSafe don't encourage you to follow this path.
Make a report to NetSafe’s ORB website so they can track the scale of a ransomware infection.
The process of cleaning up a ransomware infection can be complex so consider calling a local computer technician or family member for help.
If you are confident, try cleaning the ransomware - be prepared to wipe systems and restore from back-ups. It may not be possible to clean your computer so you may need to do a system restore or fresh install.