Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

PROTECT YOURSELF AGAINST

RANSOMWARE

graphics of icon Causes of Infection and Impact

Screenshots of Ransomware Infection

Preventive Measures

What Should I Do if Infected?

Videos

Promotional Events

Infographics

Extended Readings and Other Resources

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

Index

Causes of Infection and Impact ............................................. 4

Screenshots of Ransomware Infection ................................. 5

Preventive Measures ............................................................ 7

What Should I Do if Infected? ............................................... 8

Videos ................................................................................... 9

Promotional Events ............................................................. 10

Infographics ........................................................................ 11

Extended Readings and Other Resources .......................... 12

Disclaimer ........................................................................... 13

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

3

Ransomware is a malicious software that cyber criminals used to lock

the files stored on the infected computer devices. These locked files

are like hostage and the victims are required to follow the instructions

of this malicious software and pay a ransom to unlock them.

Security Tips to Effectively Defend Against Ransomware

Perform regular backups on important data and keep the

backup copies disconnected from the computer

Install the latest patches for software in use

Check and keep your anti-malware program and

signatures are up-to-date

Schedule a regular full scan to detect and guard against

malware attacks

Disable or restrict all unnecessary services and functions

in computer systems

Do not open any suspicious emails or instant messages,

as well as the attachments and hyperlinks inside

Refrain from visiting suspicious websites or downloading

any files from them

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

4

Causes of Infection and Impact

Causes of Infection

Open suspicious emails, or attachments and hyperlinks inside

Visit websites embedded with malicious programs

Download and install software or mobile apps that are

embedded with ransomware

Impact

Files inside the computing device and other connected storage

devices are encrypted. These data would be lost unless timely

backup is available.

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

5

Screenshots of Ransomware Infection

The following screenshots illustrate the stages of a computer being

infected by a ransomware. It should be noted that different

ransomware will have different behaviour.

Step 1 of 7: Files with known

extension on a computer before

infected by ransomware

Step 2 of 7: The user opens a

program embedded with

ransomware

Step 3 of 7: The ransomware

starts to encrypt the files inside

the computing device

Step 4 of 7: All documents, photos

and media files are encrypted by

ransomware

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

6

Step 5 of 7: A text file is created

telling that the files inside have

been encrypted

Step 6 of 7: A graphic file is also

created and informs the user of

the same content

Step 7 of 7: The wallpaper is

changed at last

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

7

Preventive Measures

Perform regular backups on important data and keep the

backup copies disconnected from the computer

Install the latest patches for software in use

Check and keep your anti-malware program and signatures are

up-to-date

Schedule a regular full scan to detect and guard against

malware attacks

Disable or restrict all unnecessary services and functions in

computer systems

Do not open any suspicious emails or instant messages, as well

as the attachments and hyperlinks inside

Refrain from visiting suspicious websites or downloading any

files from them

Install software and mobile apps from trusted sources, do not

install those apps if suspicious permission rights are required

For business operations with a higher risk of exposure to

malware infection such as customer enquiry emails handling, a

dedicated computer with no network drives and restricted

network connectivity to internal network should be used to

minimise the impact of infection and the handling staff should

keep alert of possible infection

Anti-malware security software

Windows user

Mac OS user

Android user

iOS user

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

8

What Should I Do if Infected?

Disconnect the network cable of the computer to avoid affecting

network drives and other computers

Power off the computer to stop the ransomware encrypting

more files

Jot down what have been accessed (such as programs, files,

emails and websites) before discovering the issue

Report to the Hong Kong Police Force the criminal offence

Recover the data from backup to a clean computing device

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

9

Videos

INFOSEC Animation – Ransomware

(Duration: 2:34)

HKPC YouTube Channel –

加密勒索軟件襲港 電腦用戶如何自保？(Chinese only)

(Duration: 3:44)

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

10

Promotional Events

Upcoming Events

Past Events

Date Event Organiser

31/5/2016 Build a Secure

Cyberspace 2016 –

“Protecting Data from

Ransomware Attacks”

Seminar

Office of the Government

Chief Information Officer

Hong Kong Police Force

Hong Kong Computer

Emergency Response

Team Coordination

Centre

30/5/2016 Cyber Security Conference

2016 cum Formation of

Cyber Security Alliance

Hong Kong Information

Technology Federation

19/4/2016 學校資訊保安講座：加密勒索軟件 ~ 危害、影響與解決？

Association of I.T.

Leaders in Education

(AiTLE)

22/3/2016 學校資訊保安講座：加密勒索軟件 ~ 危害、影響與解決？

Association of I.T.

Leaders in Education

(AiTLE)

香港小學電子教育協會

Date Event Organiser

20/6/2016 中小企網絡安全研討會 勒索軟件襲港 網絡安全你要知

Hong Kong Productivity

Council

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

11

Infographics

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

12

Extended Readings and Other Resources

Cyber Security Information Portal

Precious Photos Encrypted by an Email?

(Chinese Version Only)

Cyber Security Information Portal

Safety Centre, Secure My Mobile Device and Computer

InfoSec website

Types of Virus & Malicious Code and Protective Measures

InfoSec website

Common Best Practices

Hong Kong Police Force

Ransomware

HKCERT

An aggressive campaign of Locky ransomware

SingCERT

Ransomware

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

13

Disclaimer

All materials and information on this this Cyber Security Information Portal

website (www.cybersecurity.hk) (“CSIP”) or any of its webpages, are for general

informational purposes only. They are not comprehensive or other

professional advice and shall not be relied on as such.

Software and related tools mentioned in the CSIP are for general reference and

illustration purpose only and not listed with quality rating. The CSIP does not

endorse specific vendor products nor verify the accuracy of these software and

tools. It is important to note that the software and tools and their user

agreements can be modified by their developers or vendors at any time. If you

have any question about these software and tools, please direct contact the

developers or vendors. Users are also recommended to read the user

agreements and privacy policies of the security software and tools before

download and use them. The CSIP makes no express or implied warranties of

merchantability or fitness for a particular purpose or use with respect to any

information, data or software whatsoever in this website. Information

published on this website may contain technical inaccuracies or typographical

errors. Information may be changed or updated without notice. Under no

circumstances will the CSIP be held liable for any direct, indirect, special or

other consequential damages to any third party, including users of the CSIP and

other external websites maintaining hypertext links to the CSIP, who may

choose to rely on the information, data or software in this website for any

purposes.

The CSIP has provided hypertext links to other external websites. Users when

connect to those websites via the links in the CSIP should understand that those

websites are independent from the CSIP, and that the CSIP has no control over

their contents. Provision of such hypertext links is only as a convenience for

users and does not imply that the CSIP endorses the content of any such

external websites, nor does the CSIP have any responsibilities for that content.

The CSIP and its content may be referred by or hypertext linked in other external

websites provided by other organisations. Users should be reminded that

Cyber Security Information Portal (www.cybersecurity.hk) Protect Yourself against Ransomware

14

information on those external websites has been compiled and published by

those organisations. The CSIP accepts no responsibility for the content of

those websites, any information or hypertext links related to the CSIP contained

in those websites, or any changes or updates with those websites. The CSIP

shall not be liable for any loss or damage arising from or related to those external

websites.

In no event will the CSIP be liable to any party for any direct, indirect, special or

other consequential damages for any use of this website, or on any other

hypertext linked websites, including, without limitation, any lost profits, business

interruption, loss of programs or other data on users' information handling

system or otherwise, even if the CSIP is expressly advised of the possibility of

such damages.

The Government is not responsible for any loss or damage whatsoever arising

out of or in connection with any information on the CSIP. The Government

reserves the right to omit, suspend or edit all information compiled by the

Government on CSIP at any time in its sole discretion without giving any reason

or prior notice. You are responsible for making your own assessment of all

information contained on CSIP and shall verify such information by making

reference, for example, to original publications and obtaining independent

advice before acting upon it.