
Mar 24, 2017

Ransomware II

Ransomware, a follow up.

Since my previous article on this issue, it seems that the Digital Robber Gangs have upped the ante and are seemingly going from strength to strength. The 2016 stats show a 150% plus increase in attacks (Sonicwall), and 2017 is bound to continue this increasing trend. The rationale is that it’s far more fun to steal your money than just to mess with your data.


There are over 400 variants of Ransomware doing the rounds, with Cryptolocker being the current crime kingpin. Beware, Linux and iOS users: there are variants out there right now targeting you. There are even some variants that take control of the forward facing camera’s view, grabbing intimate or otherwise embarrassing pictures, ready for the threat of exposure on social pages.

The prevention of and recovery from Ransomware is well detailed in the previous article, but here’s a reminder of how to prevent and deal with the risk, with some additional suggestions.

  1. Back up your data regularly, and include backup restore tests in your recovery regime
  2. Make sure Adobe Flash is turned off, or use a browser such as Chrome that turns it off by default (see the 2016 Cerber attacks)
  3. Patch software frequently: OS, browser and identified application vectors
  4. Monitor and block suspicious traffic, and manage outbound traffic
  5. Scan all downloads
  6. Scan all emails, and make sure you have up to date endpoint AV installed
  7. Block EXE files from running, e.g. via Windows Software Restriction Policies
  8. Disable “Hide extensions for known file types” in Windows Explorer
  9. Disable macros through group policy
  10. Manage user privileges: use the Admin logon sparingly, and rather use a restricted standard user logon for day to day operations
  11. Stay away from bad sites. Places on the Dark Web are where you would very typically find Black Hats and IT savvy people. Don’t go where angels fear to tread.
  12. The most important point is, EDUCATE YOUR USERS, regularly.

What does an attack look like?

Encrypted files will have odd looking extension names. You could try a quick rename of the file (back to the correct extension name), and if that works, you’ve been hit by one of the many “fake” ransomware variants out there. Typically this won’t work.

You may also get a graphic threat suggesting “pay up or we will out you”, accompanied by bestiality JPGs, kiddie porn or suchlike nasties. This is to make you panic into “paying up”… don’t!

In most cases, users will notice missing files, or failed access to files or systems.
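As an added illustration (not part of the original article), here is a small Python check an IT tech could run over a file share to find the kind of files described above: files with an unfamiliar extension whose leading bytes look encrypted (near-maximum entropy). The extension whitelist and the sample files are constructed for the demo.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical whitelist of extensions normally seen on this share.
KNOWN_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt"}
# Above this many bits per byte, content looks encrypted (or compressed).
ENTROPY_THRESHOLD = 7.5
HEAD_BYTES = 4096


def entropy(data: bytes) -> float:
    """Shannon entropy of the sample, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious_files(root):
    """Return files whose extension is unfamiliar AND whose header looks encrypted."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() in KNOWN_EXT:
            continue
        with open(path, "rb") as fh:
            head = fh.read(HEAD_BYTES)
        if entropy(head) >= ENTROPY_THRESHOLD:
            hits.append(path)
    return hits


def demo():
    """Constructed sample share: two clean files and one 'encrypted' renamed file."""
    root = tempfile.mkdtemp()
    (Path(root) / "report.docx").write_bytes(b"PK\x03\x04" + b"plain text content " * 100)
    (Path(root) / "notes.txt").write_text("quarterly numbers\n" * 50)
    # Simulated ransomware output: random bytes with a tacked-on extension.
    (Path(root) / "report.docx.zzz").write_bytes(os.urandom(4096))
    return sorted(p.name for p in suspicious_files(root))


if __name__ == "__main__":
    print(demo())  # → ['report.docx.zzz']
```

Low-entropy files with odd extensions are deliberately not flagged, since those are the “fake” variants the rename test catches.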

What to do when you get hit

  • Firstly, don’t panic. Headless chicken mode won’t help you, save your data or stop the possible on-going encryption of your data.
  • Call your IT techs immediately and follow their advice.
  • Their advice may include powering down the infected device and breaking its link to the web.
  • They will identify the systems infected thus far, and ring fence them.
  • They will identify the variant, and thus the recovery / restore process.

We are ready to assist you in developing your Ransomware prevention, detection and recovery procedures. Call me for a chat, or invite me for a visit to your offices.

Anton Schutte

027 524 9995
