
NetSafe NZ warns of new ransomware threat following three attacks today

Kiwis are again being targeted by ransomware - software that installs itself on your computer after you click on a malicious email attachment, then encrypts your files. If you want to read them again, you have to cough up.

"We're possibly seeing the start of a new wave of ransomware called CryptoLocker which is particularly nasty," NetSafe cybersecurity programme manager Chris Hails tells NBR.

"It has the potential to cost the average victim $500 if they have to resort to buying half a bitcoin to decrypt their files."

NetSafe has had three reports since this morning, with both home users and small business people falling victim to the malware - which usually arrives in the form of an email attachment that purports to be an invoice. (Mr Hails has blogged on how to spot a malicious email attachment here, and NetSafe has a full guide to CryptoLocker here.)

"In short, if you're on an older PC and haven't patched your OS and software there's the potential for your files to be encrypted with the only option being to pay 0.5 bitcoin to the cybercriminals, currently around $500, to get the private key back you need to decrypt your data," Mr Hails says.

"I feel like the boy who cried wolf, constantly banging the drum for updating and making backups. We know it's a boring safety message and there are far more fun things to do in the middle of the party season but I've spoken with two people affected today and it's hard work to always be sat in the ambulance at the bottom of the cliff.

"The overall message remains: don't click on unexpected attachments and keep your computer up to date and protected."

Mr Hails recommends reading The 'Tight 5' from earlier this year.

"Take 15 minutes to security check your computer to save yourself a $500 shock," he says.

Comments and questions

Instead of telling victims to prepare for a $500 shock, would it not be more sobering and ethical to say that the criminals sending these emails should never be offered any ransom, and anyone affected should prepare to reformat the hard drive and lose everything? That's all, and tough if you failed to back up.

Opening unsolicited emails is like opening your front door to a stranger: you simply don't do it. I am not computer savvy per se, but I always err on the side of caution and press "delete" more often than "enter".

It's a tough call Anon when we have people facing business ruin if they can't access their data. We hate to recommend people pay any form of ransom but for those calling in this week with no backups or shared network drives also encrypted we have to take the pragmatic view and that is paying for the private key. It's a terrible situation to find yourself in.

So, don't pay the ransom, except when it's absolutely critical to your business. Which is about the only circumstance in which you would be ransomed.

The correct approach is to devote resources directed at the money-laundering infrastructure that allows this to happen. Bitcoin transaction chains are public and can be tracked in many cases, even if the owner of a wallet can't be physically identified from the transaction.

Agree on the resource issue and tracking cybercrime - the block chain in theory would allow some tracking of bitcoin payments to specific users but the pattern appears to be avoided by sending unique payment addresses for each victim and of course the currency platform is intrinsically anonymous. A global problem developing daily.

The problem with the criminal mind and ransoms is there is no guarantee of a result. Some reports have it the key never arrives despite payment. Imagine say the crim sees money arrive and responds somehow saying thanks for the deposit, you were mistakenly offered the private user fee but we now see you are a corporate so please send the other $4500.
Anyway who is to say the crim isn't some Russian but your IT literate copycat / hacker kid next door or even the NZ IT support company looking for a xmas bonus.

Very good points. We've had 1000 reports of 3 ransomware variants this year alone, and our advice was always not to pay where there was a chance to clean up the machine. In those early cases it was 50/50 as to whether the unlock worked.

In the case of CryptoLocker the encryption cannot currently be broken so for those with no alternative the only option is to pay or lose your data. We're tracking how successful those paying are with getting their data decrypted. I agree it's not a good path to start down so prevention is key.

We have also had reports of the cold calling computer doctors - still - having success at tricking people into giving remote access to machines and now installing ransomware to ensure some payment is received.

If you're part of a corporate IT network, get your IT support people to set up a Group Policy preventing executable files from running in the "temporary files" directory.

This will prevent Bit Locker from being able to run if someone is foolish enough to open it.

Other than that, make sure you have regular (as in at least daily) backups of your data - and it's worthwhile testing those backups every once in a while.
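The Group Policy measure described in the comment above, as an added example that is not from the article or from NetSafe: a PowerShell script that creates local Software Restriction Policy path rules disallowing executables in the user's temp and AppData folders. It assumes a Windows host with SRP support, an elevated shell, and the registry layout that SRP uses when configured through Local Security Policy; the blocked path list is constructed for illustration, and a domain-wide rollout would be done through Group Policy rather than this script.

```powershell
# Added example: local SRP path rules blocking executables launched from
# user temp / AppData locations. Not NetSafe's or the commenter's code.
# Assumption: registry layout below matches what Local Security Policy writes.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Constructed list of locations to disallow; adjust for the environment.
$blockedPaths = @(
    '%LocalAppData%\Temp\*.exe',
    '%LocalAppData%\Temp\*\*.exe',
    '%AppData%\*.exe',
    '%AppData%\*\*.exe'
)

# Default security level stays Unrestricted (0x40000); only the listed
# paths fall under the Disallowed level (subkey "0").
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name 'DefaultLevel'       -Value 0x40000 -Type DWord
Set-ItemProperty -Path $base -Name 'TransparentEnabled' -Value 1       -Type DWord  # all files except DLLs
Set-ItemProperty -Path $base -Name 'PolicyScope'        -Value 0       -Type DWord  # applies to all users

$disallowed = Join-Path $base '0\Paths'
New-Item -Path $disallowed -Force | Out-Null

foreach ($p in $blockedPaths) {
    # Each path rule lives under its own GUID-named subkey.
    $ruleKey = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $p -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0  -Type DWord
    Set-ItemProperty -Path $ruleKey -Name 'Description' -Value 'Block executables in user temp/AppData' -Type String
}

# Check: list the Disallowed path rules now in place.
Get-ChildItem $disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

The rules take effect for new processes after the policy is applied; verify by attempting to launch a harmless test executable from one of the listed folders and confirming it is blocked before relying on the policy.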

There is free software, Sandboxie, which ring-fences your hard drive: it runs your programs in an isolated space which prevents them from making permanent changes to other programs and data. Maybe NetSafe could recommend this or an alternative to protect those susceptible to potential hijacks.

I like Sandboxie a lot, but often we're dealing with users with very little knowledge of computers - the concept of updating is often one they are not familiar with. They'd rather not allow Adobe Flash updates "for safety", for example, and/or leave anti-virus alerts blinking about needing the subscription paying for. Our security 'Tight 5' from earlier this year is a stretch for many people.