rotect yourself against ransomware · protect yourself against ransomware 3 ransomware is a...
TRANSCRIPT
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
PROTECT YOURSELF AGAINST
RANSOMWARE
graphics of icon Causes of Infection and Impact
Screenshots of Ransomware Infection
Preventive Measures
What Should I Do if Infected?
Videos
Promotional Events
Infographics
Extended Readings and Other Resources
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
Index
Causes of Infection and Impact ............................................. 4
Screenshots of Ransomware Infection ................................. 5
Preventive Measures ............................................................ 7
What Should I Do if Infected? ............................................... 8
Videos ................................................................................... 9
Promotional Events ............................................................. 10
Infographics ........................................................................ 11
Extended Readings and Other Resources .......................... 12
Disclaimer ........................................................................... 13
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
3
Ransomware is a malicious software that cyber criminals used to lock
the files stored on the infected computer devices. These locked files
are like hostage and the victims are required to follow the instructions
of this malicious software and pay a ransom to unlock them.
Security Tips to Effectively Defend Against Ransomware
Perform regular backups on important data and keep the
backup copies disconnected from the computer
Install the latest patches for software in use
Check and keep your anti-malware program and
signatures are up-to-date
Schedule a regular full scan to detect and guard against
malware attacks
Disable or restrict all unnecessary services and functions
in computer systems
Do not open any suspicious emails or instant messages,
as well as the attachments and hyperlinks inside
Refrain from visiting suspicious websites or downloading
any files from them
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
4
Causes of Infection and Impact
Causes of Infection
Open suspicious emails, or attachments and hyperlinks inside
Visit websites embedded with malicious programs
Download and install software or mobile apps that are
embedded with ransomware
Impact
Files inside the computing device and other connected storage
devices are encrypted. These data would be lost unless timely
backup is available.
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
5
Screenshots of Ransomware Infection
The following screenshots illustrate the stages of a computer being
infected by a ransomware. It should be noted that different
ransomware will have different behaviour.
Step 1 of 7: Files with known
extension on a computer before
infected by ransomware
Step 2 of 7: The user opens a
program embedded with
ransomware
Step 3 of 7: The ransomware
starts to encrypt the files inside
the computing device
Step 4 of 7: All documents, photos
and media files are encrypted by
ransomware
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
6
Step 5 of 7: A text file is created
telling that the files inside have
been encrypted
Step 6 of 7: A graphic file is also
created and informs the user of
the same content
Step 7 of 7: The wallpaper is
changed at last
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
7
Preventive Measures
Perform regular backups on important data and keep the
backup copies disconnected from the computer
Install the latest patches for software in use
Check and keep your anti-malware program and signatures are
up-to-date
Schedule a regular full scan to detect and guard against
malware attacks
Disable or restrict all unnecessary services and functions in
computer systems
Do not open any suspicious emails or instant messages, as well
as the attachments and hyperlinks inside
Refrain from visiting suspicious websites or downloading any
files from them
Install software and mobile apps from trusted sources, do not
install those apps if suspicious permission rights are required
For business operations with a higher risk of exposure to
malware infection such as customer enquiry emails handling, a
dedicated computer with no network drives and restricted
network connectivity to internal network should be used to
minimise the impact of infection and the handling staff should
keep alert of possible infection
Anti-malware security software
Windows user
Mac OS user
Android user
iOS user
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
8
What Should I Do if Infected?
Disconnect the network cable of the computer to avoid affecting
network drives and other computers
Power off the computer to stop the ransomware encrypting
more files
Jot down what have been accessed (such as programs, files,
emails and websites) before discovering the issue
Report to the Hong Kong Police Force the criminal offence
Recover the data from backup to a clean computing device
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
9
Videos
INFOSEC Animation – Ransomware
(Duration: 2:34)
HKPC YouTube Channel –
加密勒索軟件襲港 電腦用戶如何自保?(Chinese only)
(Duration: 3:44)
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
10
Promotional Events
Upcoming Events
Past Events
Date Event Organiser
31/5/2016 Build a Secure
Cyberspace 2016 –
“Protecting Data from
Ransomware Attacks”
Seminar
Office of the Government
Chief Information Officer
Hong Kong Police Force
Hong Kong Computer
Emergency Response
Team Coordination
Centre
30/5/2016 Cyber Security Conference
2016 cum Formation of
Cyber Security Alliance
Hong Kong Information
Technology Federation
19/4/2016 學校資訊保安講座:加密勒索軟件 ~ 危害、影響與解決?
Association of I.T.
Leaders in Education
(AiTLE)
22/3/2016 學校資訊保安講座:加密勒索軟件 ~ 危害、影響與解決?
Association of I.T.
Leaders in Education
(AiTLE)
香港小學電子教育協會
Date Event Organiser
20/6/2016 中小企網絡安全研討會 勒索軟件襲港 網絡安全你要知
Hong Kong Productivity
Council
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
11
Infographics
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
12
Extended Readings and Other Resources
Cyber Security Information Portal
Precious Photos Encrypted by an Email?
(Chinese Version Only)
Cyber Security Information Portal
Safety Centre, Secure My Mobile Device and Computer
InfoSec website
Types of Virus & Malicious Code and Protective Measures
InfoSec website
Common Best Practices
Hong Kong Police Force
Ransomware
HKCERT
An aggressive campaign of Locky ransomware
SingCERT
Ransomware
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
13
Disclaimer
All materials and information on this this Cyber Security Information Portal
website (www.cybersecurity.hk) (“CSIP”) or any of its webpages, are for general
informational purposes only. They are not comprehensive or other
professional advice and shall not be relied on as such.
Software and related tools mentioned in the CSIP are for general reference and
illustration purpose only and not listed with quality rating. The CSIP does not
endorse specific vendor products nor verify the accuracy of these software and
tools. It is important to note that the software and tools and their user
agreements can be modified by their developers or vendors at any time. If you
have any question about these software and tools, please direct contact the
developers or vendors. Users are also recommended to read the user
agreements and privacy policies of the security software and tools before
download and use them. The CSIP makes no express or implied warranties of
merchantability or fitness for a particular purpose or use with respect to any
information, data or software whatsoever in this website. Information
published on this website may contain technical inaccuracies or typographical
errors. Information may be changed or updated without notice. Under no
circumstances will the CSIP be held liable for any direct, indirect, special or
other consequential damages to any third party, including users of the CSIP and
other external websites maintaining hypertext links to the CSIP, who may
choose to rely on the information, data or software in this website for any
purposes.
The CSIP has provided hypertext links to other external websites. Users when
connect to those websites via the links in the CSIP should understand that those
websites are independent from the CSIP, and that the CSIP has no control over
their contents. Provision of such hypertext links is only as a convenience for
users and does not imply that the CSIP endorses the content of any such
external websites, nor does the CSIP have any responsibilities for that content.
The CSIP and its content may be referred by or hypertext linked in other external
websites provided by other organisations. Users should be reminded that
Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware
14
information on those external websites has been compiled and published by
those organisations. The CSIP accepts no responsibility for the content of
those websites, any information or hypertext links related to the CSIP contained
in those websites, or any changes or updates with those websites. The CSIP
shall not be liable for any loss or damage arising from or related to those external
websites.
In no event will the CSIP be liable to any party for any direct, indirect, special or
other consequential damages for any use of this website, or on any other
hypertext linked websites, including, without limitation, any lost profits, business
interruption, loss of programs or other data on users' information handling
system or otherwise, even if the CSIP is expressly advised of the possibility of
such damages.
The Government is not responsible for any loss or damage whatsoever arising
out of or in connection with any information on the CSIP. The Government
reserves the right to omit, suspend or edit all information compiled by the
Government on CSIP at any time in its sole discretion without giving any reason
or prior notice. You are responsible for making your own assessment of all
information contained on CSIP and shall verify such information by making
reference, for example, to original publications and obtaining independent
advice before acting upon it.