Ransomware

Ransomware is an increasingly common cybercrime in Victoria. Anyone can be targeted, so it’s critical to arm yourself with up-to-date information.

Keep reading to learn what ransomware is, how to avoid it and what to do if you’re targeted.

What is ransomware?

Ransomware is a type of malicious software (malware) that’s used by cybercriminals to extort money from people (get money through force).

After ransomware infects your device, you’ll no longer be able to access your device or files. A cybercriminal will then demand you pay a ransom to regain your access. They may even threaten to leak your private data if you don’t pay the ransom.

Paying the ransom doesn’t guarantee that you’ll regain access or prevent your information from being sold or leaked by cybercriminals. Doing so could also make you a bigger target for another attack. The Australian Cyber Security Centre recommends that you never pay a ransom to cybercriminals.

How does it work?

Ransomware gets into your devices like other types of malware and viruses. For example, it can enter via:

spam email or messages (when you open a link or an attachment)
malicious websites you visit that try to install ransomware
weaknesses in your devices’ software
applications you downloaded and installed that you thought were trustworthy.

Who does ransomware target?

Many people believe that they don’t need to think about ransomware because it only affects big companies.

Unfortunately, anyone can be targeted – including people like you.

That’s why it’s essential to know how to prevent a ransomware attack from happening in the first place.

How do I prevent ransomware attacks?

Follow these simple steps to protect yourself from ransomware attacks:

Keeping your devices and computer operating systems up to date is one of the most effective ways to prevent ransomware attacks.
Updates fix any coding issues that have been identified. They also ensure your current operating system’s security features are as up to date as possible.
This is important because cybercriminals can exploit coding issues and weak security features to infect your devices and operating systems.
You can avoid the hassle of organising updates by opting for automatic updates.
Learn how to get started on our Update your devices page.
Antivirus software is designed to identify and clean up any viruses on your devices.
If available, make sure to enable ransomware protection.
Like your devices and operating systems, antivirus software needs to be updated regularly to work effectively.
Top tip
Your operating system is likely to already have antivirus software installed. If you want to choose a third-party provider for your antivirus software, be careful as many are fake. The Australian Cyber Security Centre’s website(opens in a new window) offers guidance for choosing and using antivirus software.
Macros are a series of commands that automate a regular or repeated task in software. Macros are commonly used in Microsoft Word and Microsoft Excel.
They can be useful, but they can also pose a security risk. Cybercriminals can create ‘malicious macros’, which are macros designed to attack your system. For example, a malicious macro could be designed to release ransomware.
To avoid unintentionally using a malicious macro, only click ‘enable macros’ on documents you trust.
For example, let’s say you simply want to read a Microsoft Word document. In this case, you don’t need to enable editing and can keep it in a read-only view.
Visit Microsoft’s website to learn more about disabling macros.
Your device can get infected with malware via an infected portable device (like USBs) and malicious links.
Stay safe by following these tips:
Don’t click on any web links or email attachments sent by anyone you don’t know.
Don’t automatically click on links or attachments you receive, even if they’re from someone you know. If the sender is behaving in an odd way, they could be a cybercriminal pretending to be them. This is called phishing.
Don’t allow images to download if you receive an email from an untrusted sender.
Don’t download applications from third party sites.
Don’t click on pop-up advertisements.
Don’t open a file you’ve downloaded if it has a different file extension than what you were expecting. For example, if you were expecting a MS Word document or PDF, don’t click on a file that ends in .exe or .msi.
Don’t pirate software, as it might not receive security updates or it could be malicious.
Don’t use peer-to-peer file sharing, usually know as torrenting. Torrenting is used for downloading and sharing movies or games. Torrenting sites have been shown to host malware including ransomware, so you could unintentionally download and/or share malicious files.
Don't use any software that asks for excessive or suspicious permissions.
It’s also important to:
contact the person directly if something doesn’t feel right. That way, you can confirm it’s really them you’re speaking to, and not someone pretending to be them
use caution when using portable devices from others
check that software is made by a reputable company before downloading and installing on your device
always download software from the company’s official website or an official app store.
Turning on multi-factor authentication (MFA) is another effective way to prevent ransomware attacks. MFA is an extra layer of security that requires you to authenticate (or prove) in 2 or more ways that you’re the real owner of an online account. For example, you can use your password and one-time pin sent by the account provider to your phone.
MFA can help prevent ransomware attacks by making it harder for cybercriminals to gain initial access to your device, account and information. In short, cybercriminals need to put in far more effort to attack an MFA-protected account than an account protected by a password alone.

Top tip

Regularly backing up your files is one of the few ways you can access your files again after a ransomware attack. Our easy-to-read guide to backups will help you get started.

Warning signs of ransomware

There are some key signs that you may be a victim of ransomware. For example:

you get pop up messages demanding you pay to get your files back

you can’t access or log into your devices anymore

your files now need a password or code to open or access them

your files have been moved, your file names have been changed or now have odd file extensions. For example, .ecc, . exx, .xyz, .abc, .micro, .encrypted, .locked, .crypt, .LOL!, .RDM, .0x0, .bleep, .toxcrypt or another unknown extension consisting of random characters.

How do I get rid of ransomware?

It is recommended that you never pay a ransom. Instead:

Follow ACSC advice

Read the Australian Cyber Security Centre (ACSC)’s detailed guidance on how to respond if you are a victim of ransomware.

Seek professional help

It may be worth finding an IT professional to help you recover from a ransomware attack.

Make sure to do your research and contact a reputable company. Cybercriminals may pretend to be IT support and gain remote access to your computer. This would cause even more damage to your device and files.

Tips to protect your accounts

Ransomware can cause your most important information to become compromised. Remember these tips for protecting your accounts after a ransomware infection:

use a different (non-infected) device to change passwords for your most important accounts

turn on multi-factor authentication (MFA)

be alert to potential scams

if you suspect the ransomware infection has compromised your identity documents or financial information, learn what to do after an information leak.

How do I report ransomware?

You can securely report ransomware (as well as other cybercrimes) to ReportCyber(opens in a new window).

Your report will be referred directly to the relevant law enforcement agency.

By making a report, you will provide vital information to help target cybercriminals. You will also help to make going online more secure for all Australians.

Safety & emergencies

Updated 5 July 2024