Businesses warned to back up data after new “ransomware” emails spread across country
Friday, September 28, 2012/
Businesses are being urged to back up their data and ensure their systems are constantly kept up to date, following the spread of a new type of “ransomware” – cyber-attacks that hold your personal data at ransom.
The warning comes during an increasingly hostile year for business with regard to cyber-attacks, with businesses including AAPT and LinkedIn having been attacked during the past nine months.
The new email message claims to come on behalf of the Australian Federal Police, telling the user they have been viewed while watching child pornography and that the reader’s address and identity are being retrieved by police.
The most important claim in the email is a request for payment within 72 hours.
AVG security expert Michael McKinnon says this type of ransomware hasn’t commonly been seen in Australia.
“Up until last week, it wasn’t widespread; it’s fairly rare and sporadic at best. But in the last week we’ve now had 10 concerned reports from our customers…which obviously means there are more.”
McKinnon also says AVG has confirmed with the Australian Federal Police the email has been circulating, and that it has also received complaints of its own.
The concept of ransomware works by taking control of a users’ data, and then requesting they make a payment in order to get it back. While occurrences are few and far between, McKinnon says it’s still important for businesses to be aware of these emails, especially when they can appear to be real.
More importantly, businesses need to make sure they have their data backed up, so if these ransomware messages actually do encrypt data, you can get it back from an alternative source.
“You just need to make sure you have detection in place, up-to-date computer systems and spamware filters and so on.”
“Lean towards an internet backup provider, and preferably a solution that is backing up the files just as soon as they’ve been modified.”
McKinnon reminds businesses that staff need to be trained when it comes to these sorts of emails – if there’s any doubt about the contents, then no action should be taken.