Who would have thought…Kempsey!

December 9, 2016

The Scene

Recently I stayed overnight in a motel in Kempsey, NSW – hardly the place you’d expect to come face-to-face with the world of cyber-crime. At 6.50am I used the motel’s Wi-Fi to gain remote access to my emails. Seconds after my email account opened the entire screen froze and a message in red appeared from “DMA Locker”. It advised that my entire data was encrypted and now inaccessible to me. They demanded a ransom of 4.0 Bitcoin – the equivalent of 1,072 GB Pounds ($2,094 AUSD). I was given 96 hours to pay the ransom, or it would then increase 200%.

DMA Locker is another ransomware that appeared at the beginning of this year.

The Situation

This is extortion, pure and simple, but you can protect yourself to some degree.

Whilst bodies such as the CIA and the FBI might be able to track down who these people are, this is something almost impossible to do.

Welcome to the world of the “Dark Web”. One of the reasons they can’t be tracked is because they utilise things like a TOR browser. This switches the path from one system to another making the owner of this ransomware completely anonymous. Also, they demand payment in Bitcoin which is also untraceable.

This malware gets to you in a couple of different ways. One is by sending you an email which catches your eye and which entices you to click open an attachment. For example, the email announces that you have won a substantial amount of money and asks you to click ‘here’ for your payment details. Or even cruder, the email might say “Anna Kournikova – click here for never before seen nude shots”.

Another way this malware finds you is by what is known as a “drive-by” – you are cruising on the net and you click on what turns out to be a dodgy / hacked website.

How to Protect Yourself

If a ransom demand like this appears on your screen, this is what you can do to save yourself and your data in five simple steps.

  1. Turn off the computer or laptop immediately. This is critical. Do not delay. Just shut the whole thing down. By doing this you prevent the malware from beginning to encrypt your system. They do claim “all your important files are encrypted”, but this is not true. The encryption process is a CPU-intensive process – it works slowly and alphabetically through your folders – and can take hours. What they want to do is to encrypt all your files so that they are all scrambled and unreadable. If you pay the demand, they send you the key to unlock your own data – how kind of them.
  2. Contact your IT providers immediately and tell them what’s happened. They will remove the malware.
  3. Remember to diversify your data. Think of this as a lucky escape. Diversify your data by storing it in separate locations on different devices. Don’t have all your personal data – such as all your family photographs – stored on your computer at work. Make a copy on a USB and take it home. Make sure your office data is regularly backed up and stored off-site and off-the-system with no remote access.
  4. Exercise care when it comes to opening emails, and extreme care when it comes to opening attachments.
  5. Don’t give in to criminal blackmailers.

For more information contact Brosnans Investigation Services on 1300 55 44 78 or book an investigation online here now.