The Guyana National Computer Incident Response Team (GNCIRT) wishes to alert the general public to the sudden surge in ransomware attacks being experienced globally.
Security researchers are reporting that ransomware attacks have increased nine-fold in a two-week period. Regionally, Paraguay has recently experienced a ransomware campaign against its citizens. GNCIRT has had one recent report of ransomware that infected several computers at a prominent government agency in Guyana and caused irreparable damage to important data files and inconvenience to users. Given the global trend, GNCIRT has reason to believe that Guyanese users, especially organisations and businesses processing financial transactions via email, are at high risk.
Ransomware is a type of malicious software that encrypts your data files and demands payment in return for the key to decrypt your files. A successful ransomware attack will encrypt your data files and make them unavailable to you. When an individual or member of staff tries to access the data files, they are pointed to a ransom note with directions on how to make a payment in order to regain access to the data files. GNCIRT advises that a payment should never be made as there is no guarantee that the attackers will provide the decryption key. Instead, all precautions should be taken to prevent a successful attack.
The current trend is for the malware to be propagated via spam email with malicious attachments. The subjects of the emails relate to alleged ‘Invoices’, ‘Payments’, ‘Payment Notices’ or ‘Wire Transfers’ and typically have a ‘Reference# or Invoice#’ followed by random numbers to appear legitimate. The emails have an accompanying malicious attachment, which is typically a zip file and includes the reference number and words such as ‘invoice’ or ‘info’ or ‘note’. The use of these keywords suggests that the attackers are targeting businesses and organizations involved in processing financial transactions.
Examples of email headers are:
From: Dionne Hall [[email protected]]
Sent: Thursday, December 10, 2015 4:53 AM
To: John Dow
Subject: copy_invoice_4181711 from DataCorp Inc

From: Marjorie Anthony [Anthony [email protected]]
Sent: Friday, December 11, 2015 3:35 AM
To: Jane Dow
Subject: Reference Number #09921533, Last Payment Notice
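For System and Network Administrators, the indicators described above can be turned into a simple mail-screening check. The sketch below is an added example and not part of GNCIRT's advisory; the function names, the five-digit minimum, the attachment file names and the quarantine rule are assumptions, and it assumes the keywords appear in the attachment's file name.

```python
import re
from email.message import EmailMessage

# Keywords come from the advisory's description; the 5-digit minimum is an assumption.
SUBJECT_WORDS = re.compile(r"(?<![a-z])(invoice|payment|wire transfer)", re.I)
REF_NUMBER = re.compile(r"(reference|invoice)\D{0,12}\d{5,}", re.I)
ATTACH_WORDS = re.compile(r"invoice|info|note", re.I)

def lure_indicators(msg):
    """Return the advisory's lure indicators found in one message, in check order."""
    subject = str(msg.get("Subject", ""))
    hits = []
    if SUBJECT_WORDS.search(subject):
        hits.append("subject-keyword")
    if REF_NUMBER.search(subject):
        hits.append("subject-reference-number")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            hits.append("zip-attachment")
            # A zip whose name pairs a lure word with a long number.
            if ATTACH_WORDS.search(name) and re.search(r"\d{5,}", name):
                hits.append("zip-name-lure")
    return hits

def should_quarantine(msg):
    """Assumed policy: hold for review when a zip arrives with a lure-style subject."""
    hits = lure_indicators(msg)
    return "zip-attachment" in hits and any(h.startswith("subject-") for h in hits)

def build_sample(subject, attachment=None):
    """Build a constructed test message; addresses and attachment are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    if attachment:
        empty_zip = b"PK\x05\x06" + b"\x00" * 18  # harmless empty archive
        m.add_attachment(empty_zip, maintype="application",
                         subtype="zip", filename=attachment)
    return m

if __name__ == "__main__":
    samples = [  # subjects from the advisory; attachment names are constructed
        build_sample("copy_invoice_4181711 from DataCorp Inc", "invoice_4181711.zip"),
        build_sample("Reference Number #09921533, Last Payment Notice", "info_09921533.zip"),
        build_sample("Payment received, thank you"),
    ]
    for s in samples:
        print(s["Subject"], "->", lure_indicators(s), should_quarantine(s))
```

Messages that match should be held for review by an administrator rather than deleted automatically, since genuine invoices can carry the same keywords.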
GNCIRT advises that all staff accessing emails on their desktops or on their mobile phones be made aware of this threat. They should be alerted not to click on any suspicious emails or download any suspicious attachments. While the immediate threat is against Microsoft Windows desktop users, mobile phone users are also at risk for ransomware.
Persons using a personal computer at home are advised to delete any suspicious e-mails and to be on the alert for future threats.
Persons using an organization’s e-mail service are advised to immediately report these spam mails to their System and Network Administrator or any such person(s) who may be administering the network and email services.
GNCIRT asks that this advisory be taken seriously, as failing to do so may make you or your organization the next victim of ransomware.