CyberSecurity Malaysia issues new national ransomware warning

AvantiKumar | April 14, 2016
Paying ransom does not guarantee the encrypted files will be released, warns CyberSecurity Malaysia CEO Dr Amirudin Abdul Wahab.

Photo - Dr. Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia.


National specialist agency CyberSecurity Malaysia has issued a new warning to Malaysian Internet users to be on the alert for ransomware.

Dr Amirudin Abdul Wahab, chief executive officer, CyberSecurity Malaysia, said that ransomware, a type of malicious software (malware) that infects a computer and restricts access until a ransom has been paid to unlock it, is continuing to increase in the country.

"Ransomware affects computers belonging to individual users as well as commercial businesses," said Dr Amirudin. "It can lead to negative consequences, including the temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, as well as financial losses incurred to restore systems and files and potential harm to an organisation's reputation."

"Paying ransom does not guarantee the encrypted files will be released," he added. "It only guarantees that the malicious actors receive the victim's money. In addition, decrypting files does not mean the malware infection itself has been removed."

CyberSecurity Malaysia issued recommendations to Internet users and network administrators to take the following preventive measures:

Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Ideally, keep data on a separate device and store backups offline.

Use application whitelisting to help prevent malicious software and unapproved programs from running.
Prevent execution of files in %AppData% directories. To execute, the malware usually resides in various temporary directories in Windows (%AppData%).

Keep your operating system, software, Java, Shockwave and Flash up to date, as exploit kits rely on vulnerabilities on the client machine to get malware to execute. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
Maintain up-to-date anti-virus software, and scan all software downloaded from the Internet prior to executing.

Restrict users' ability (permissions) to install and run unwanted software applications, and apply the principle of "Least Privilege" to all systems and services.

Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources.

Do not follow unsolicited Web links in emails.

Meanwhile, users are advised to stay aware of the latest security announcements and follow best practice security policies to determine the safety of the data and networked systems.

For further assistance, please contact MyCERT through the following channels:
E-mail: or
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)