Photo - Dr Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia
Malaysian cybersecurity specialist agency CyberSecurity Malaysia has issued an advisory in anticipation of an increase of Ransomware attacks against homes and business.
CyberSecurity Malaysia's chief executive officer Dr Amirudin Abdul Wahab said: "The creator of Ransomware put fear and panic into their victims, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware."
The malware then restricts access to the computer system until a ransom is paid to the creators to unlock it, said Dr Amirudin, adding that typical examples of pop-up messages on a compromised computer screen include:
- "Your computer has been infected with a virus. Click here to resolve the issue."
- "Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine."
- "All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data."
"Ransomware does not only target home users: businesses can also become infected with Ransomware, which can have negative consequences, including temporary or permanent loss of sensitive or proprietary information, disruption regular business operations, financial losses incurred to restore systems and files, and potential harm to an organization's reputation," he said.
When asked about the current levels of Ransomware activity in Malaysia, Dr Amirudin said the following cases are based on the incidents reported to Cyber999 Help Centre of CyberSecurity Malaysia:
Table - CyberSecurity Malaysia reported Ransomware
"CyberSecurity Malaysia is however bracing to tackle any the problem immediately by issuing the Advisory and continuously assisting Internet users who has reported the incident to us," he said, adding that the advisory was to alert all organisations across the corporate and public sectors as well as members of the public.
Dr Amirudin confirmed that so far no cases of Ransomware attacking mobile devices have yet been reported and the origins of reported ransomware have yet to be identified.
Steps to take
Dr Amirudin said: "If your computer has been infected and received a Ransomware message, do not follow the payment instructions. Lodge report to our Cyber999 help centre. Paying ransom does not guarantee the encrypted files will be released. It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed."
The advisory included the following:
It is recommended that Internet users and administrators take the following preventive measures to protect their computer networks from Ransomware infection:
i. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline;
ii. Maintain up-to-date anti-virus software;
iii. Keep your operating system and software up-to-date with the latest patches;
iv. Do not follow unsolicited web links in email;
v. Be extra careful when opening email attachments;
vi. Follow best and safe practices when browsing the web.
For further enquiries, please contact CyberSecurity Malaysia (MyCERT) through the following channels:
- E-mail: email@example.com or firstname.lastname@example.org
- Mobile: +60 19 2665850 (24x7 call incident reporting)
- SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Sign up for CIO Asia eNewsletters.