Ransomware and ransomware attacks

Estimated reading time
 6 min

Key points

• Ransomware is a type of malicious software that, when it infects your device, may lock your files until you pay a ‘ransom’ – often cryptocurrency or a large sum of money.
  
  
• From installing antivirus software to avoiding suspicious links, there are several things you can do to help protect yourself against ransomware attacks.
  
  
• Changes to your files and malicious messages appearing on your screen could be signs of a ransomware attack.

Imagine receiving an unexpected email from a company you have never purchased from. The message urges you to click on the link for a discount code, and if you are curious, you might click on the link.

Instead of making the most of the online shop’s offerings, you’ve accidentally installed software that locks up your files and denies you access. When you try opening a file, a message may appear on your screen: ‘Pay a ransom, and you can access your files again!’. So, what do you do here? Would you pay the ransom – even though there’s no guarantee you will regain access to your files once you’ve paid it?

This type of scenario can happen to anyone. In fact, according to the Australian Signals Directorate, one in ten reported cybercrime incidents between 2022 and 2023 were ransomware attacks.¹ Knowing how to protect your devices and what to look for could make a significant difference.

That’s why we’re here with the facts on ransomware so you might better protect your files. 

What is ransomware?

In its simplest form, ransomware is a common type of malicious software (malware). When the ransomware is installed on your device, it can lock your files and often block access to your computer systems or network so you can’t access them.² The cybercriminals do this by encrypting your files or remotely locking you out of your own operating system.

Once the ransomware has locked up your files and compromised your system access, you might receive a pop-up message from a cybercriminal demanding a payment (the ransom). This can look different depending on the type of ransomware or perpetrators of the attack, but it will generally be designed to look like a common software error message or simple text and a countdown clock. Either way, it will cover the screen with directions to pay them money to ‘unlock’ your computer.

Once you pay (often through cryptocurrency transfer),³ the cybercriminal might promise to reinstate access to your files by providing a decryption key to unlock the device. This may not happen, and paying a ransom doesn’t guarantee you’ll get everything back.

Cybercriminals may also promise to stop sensitive information and customer details (in the case of a business malware attack) or your personal information (in the case of a personal malware attack) from being distributed online after they receive your ransom. Remember, there is no guarantee that cybercriminals will be faithful to their word, so you should never pay a ransom before contacting the appropriate authorities.

How can ransomware affect you?

As ransomware locks up your files, restoring your devices and data will take some time. If you don’t have backed-up data, it might be impossible to recover your files. For business owners, a ransomware attack might disrupt your daily operations and hurt your reputation.

However, you can help protect your files, photos, and business by taking steps to stop ransomware attacks before they occur.

Ransomware can enter your systems through:

• Clicking on a link or downloading an attachment that was in an email, phone message, or private message on social media.
  
  
• Visiting a malicious website that downloads ransomware without your knowledge.
  
  
• Clicking on a malicious link in a social media post that installs the ransomware onto your device.
  
  
• Apps you download onto your phone, computer, or tablet that come from untrusted sources, such as a downloading an app through a message or from a website that isn’t an official app store.
  
  
• You insert an infected USB into your device.

Cybercriminals might use ransomware to find and use your personal information and photos to extort you.

Consider this case study from the Australian Signals Directorate (ASD):

While working at their design firm, a staff member noticed a file looked different (the icon was black, and the extension had changed), and they could not open it. After alerting a colleague, they watched other files become encrypted before their eyes. Next, a message popped up that said, ‘Read me’, and in it were demands from a cybercriminal to pay a ransom. Luckily, with help from the ASD and the Australian Cyber Security Centre (ACSC), the business could retain its files, and it didn’t have to pay the ransom. 

How to help protect yourself from a ransomware attack

1. Be wary of unexpected text messages, calls, or emails. If someone pressures you to open a link or download a file, it might be a scammer or a ransomware attack. Above all else, don’t open any links or files that are sent to you out of the blue.
   
   
2. Turn on automatic updates on all your devices. This may help strengthen any weaknesses in your device, which might reduce the likelihood of cybercriminals accessing your files or device.
   
   
3. Use antivirus software to help prevent, detect, and remove any ransomware on your device. Your device may have antivirus software already installed, but it is wise to purchase additional security if you want the extra protection.
   
   
4. Back up your data regularly. You can make a copy of your files, like important documents or photos, and save them on a physical storage device (like a hard drive) or an online storage solution (often called ‘the cloud’). Should you experience a ransomware attack, knowing you can restore your files afterwards can give you some peace of mind.
   
   
5. Activate multi-factor authentication (MFA) on all devices and accounts. This extra layer of security can make it difficult for cybercriminals to get what they want.
   
   
6. Be strict about access control on your applications and devices. You can control who can access your device’s apps and data through your phone and computer settings, reducing the likelihood of cybercriminals getting onto your device. For example, a computer might have an ‘administrator’ account, which might have more control over the device than other accounts, or you can check your phone’s app permissions through the settings to ensure it can’t access anything unrelated to its function like your files, photos, contacts, or location.
   
   
7. Consider restricting your employees’ user access ability (permissions) to install and run unwanted software applications. Ensure that your employees can only access the data, resources, and apps they need to do their job. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
   
   
8. Configure your ‘macro’ settings so they are not enabled in email attachments. Macros are powerful tools for improving productivity, but cybercriminals can use them to compromise your systems. If you use Microsoft Office, you can learn more about how to do this here. 

How to tell if your device might beis under a ransomware attack

• Antivirus software and your backup system have been removed or disabled before your files become locked.
  
  
• Critical files, such as documents containing personal information or photos, become locked. This means you can’t open them or move them to a different location on the device.
  
  
• Some or most of your files might have a different extension – the three or four letters after the file name that represents its file type. For example, a Word document usually has a file name of ‘.doc’ or ‘.docx’, but a corrupted file might have something else.
  
  
• You might receive a ‘ransom’ note from the cybercriminal. This note threatens you to pay the ransom to access your files or protect your information from being sold or misused. Never, ever pay this ransom – you can’t guarantee that you will get access to your information or stop the cybercriminal from distributing it online. Instead, contact the police and seek help from the agencies listed below. 

How to recover from a ransomware attack

If you’ve experienced a ransomware attack, here’s what you might do to recover from it:

• Take detailed notes of the attack and what was affected. This includes listing any files that were deleted or have a new extension, screenshotting or noting the details of the ransom note, and anything else that’s changed since the ransomware attack. This can help authorities in a potential investigation.
  
  
• Turn off and unplug the device that had the ransomware on it. This might help prevent the ransomware from spreading to other devices.
  
  
• Disconnect other devices on the same Wi-Fi or server, as the ransomware might spread across the network.
  
  
• Change all passwords, as some ransomware might steal them.
  
  
• If you’ve shared financial information or transferred money, contact your bank immediately. If you’re an ANZ customer, contact us immediately to report the fraud.
  
  
• If you shared credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us.
  
  
• If you’ve transferred money or paid the ransom, the Australian Government Department of Foreign Affairs and Trade (DFAT) recommends that you immediately contact the Australian Sanctions Office (ASO) and report it to the appropriate authorities, such as Scamwatch and ReportCyber. 

Who to contact if you experience a ransomware attack

• Contact the Australian Cyber Security hotline, 24 hours a day, seven days a week on 1300 CYBER1 (or 1300 292 371).
  
  
• Help others by reporting to Scamwatch or to the Australian Signals Directorate’s Australian Cyber Security Centre’s ReportCyber.
  
  
• For phishing or identity theft associated with government accounts such as Centrelink, Medicare, or Child Support, contact the Services Australia scams and identity helpdesk on 1800 941 126 or visit their website.
  
  
• You can also contact IDCare, a not-for-profit organisation providing support to those experiencing identity and cyber security concerns.
  
  
• Contact your bank immediately if you have shared personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us