May 13th 2015
What's the issue?
Ransomware is a type of malware (malicious software, also called a computer virus) that gives cybercriminals access to a computer and its files and allows the criminals to take your data hostage using encryption. The ransom demanded by the cybercriminals to unencrypt files ranges from $300-$500 U.S. in untraceable Bitcoins to hundreds of thousands for larger organizations. The cybercriminals have recently become more innovative with their attacks on Canadians, disguising themselves as legitimate organizations like the RCMP, Canadian Police Association, Public Safety Canada, and Canadian Security Intelligence Service (CSIS). They have also begun attacks in French on Francophone Canadians, and Appthority reports that Android Koler (a virus) is being used as one of the first versions of mobile ransomware to specifically target Canadians on Android devices.
How is this malware contracted?
An operating system, web browser or anti-malware suite that is unpatched or out-of-date can let through infected emails that carry the virus in an attachment, or allow the virus to be implanted on your devices via malicious links on websites, known as "drive-by attacks". The latter occurs just by visiting an infected site and clicking a link.
What does this mean to me?
The only sure way to prevail in an attack is to have a recent, full image backup taken before the infection. If a victim does not have an unaffected backup (local backups and mapped servers can also be affected), paying the ransom may work to restore an affected system; however, recovery to an unencrypted state can be problematic and may not work every time. Decryption, depending on the size of your data files, can take days or even weeks to complete due to the strength of encryption employed (typically RSA-2048). The cybercriminals also require payment in Bitcoins in fairly short order, 12-72 hours, or they destroy the encryption key. Acquiring Bitcoins and engaging the payment process can be complicated. Police stations, government offices and law firms have had to pay the ransom in an effort to recover their data. But Public Safety Canada advises not to pay the ransom, as there is no guarantee that once you pay you will get access to your data and/or device. Instead, they advise that you report the incident to your local police and the Canadian Anti-Fraud Centre. PSC warns that ransoms may fund criminal and terrorist activity.
What should I do?
- Ensure you have a current and fully patched operating system, office suite, web browser and a powerful and up-to-date anti-malware suite.
- Ensure you have a full backup of all your devices, with proper versioning and integrity checking, that is not directly connected to your computer.
- Do not open any email attachments you are not expecting, or click on unknown ads or links on websites you are unfamiliar with.
- Contact an IT professional immediately for guidance in recovering your files.
Note to NPC clients:
There have been no successful attacks on NPC users. Your fully patched and secured NPC system, and your offline backup, will continue to protect you. If you have any questions or concerns about your system, do not hesitate to call the support centre at 1-855-667-2642 or email support@npcmail.net.
For more information
Public Safety Canada Get Cyber Safe