Alert Priority Moderate
7 December 2015

If you click on a link in a scam email or visit a compromised website, you may receive a message saying your files are locked and cannot be accessed without you paying a ransom to unlock them. If this is the case, you've been hit with a ransomware attack.

The scam email may look official and even incorporate the logos of prominent organisations to encourage you to click on the links in the email body. The compromised website may be legitimate but be infected by malicious software.

Stay Smart Online has previously provided alerts about several ransomware attacks, including Cryptolocker and CryptoWall. But now there is a dangerous new ransomware attack targeting Windows users. This attack reportedly steals victim's passwords before using CryptoWall to lock down their files.

A victim of this type of ransomware who restores access to their files (preferably from a backup system not connected to the computer under attack from the ransomware) may still be subjected to further attacks. The attacker may use the password to gain access to sensitive personal and financial information on the victim's computer. As a result, victims should also change all their passwords immediately.

The new ransomware starts by infecting various websites in order to attack people who visit them.

Staying safe

If your computer has been infected by ransomware, you should restore your files from backup and update your systems. To do this, you need to maintain regular backups of important files. Stay Smart Online has information about how to do this, and we recommend you seek technical advice if you are unsure about next steps.

We recommend against paying any ransom demanded to decrypt your files. There is also no guarantee the attackers will provide a working decryption tool, and you are not protected against future attacks.

You should also change all of the passwords and usernames on your computer. Stay Smart Online has advice on choosing strong passwords and we recommend the use of a password manager to help you choose and use very strong passwords.

The best cure is prevention, and we recommend that you keep your antivirus programs and computer systems updated at all times, and to be cautious of viewing attachments in emails from unknown sources and visiting websites of dubious origin.