The Ministry of Public Security yesterday issued a press release from its Computer Incident Response Team on a malicious software attack that has surged in recent weeks, and one government agency here has been affected.
The Guyana National Computer Incident Response Team (GNCIRT) said it wished to alert the general public of the sudden surge in ransomware attacks being experienced worldwide. It said that security researchers are reporting that ransomware attacks have increased nine-fold in a two-week period. Paraguay has recently experienced a ransomware campaign against its citizens. GNCIRT said it has had one recent report of ransomware that infected several computers at a prominent government agency in Guyana and caused irreparable damage to important data files and inconvenience to users. Given the worldwide trend, GNCIRT says it has reason to believe that Guyanese users, especially organisations and businesses processing financial transactions via email, are at high risk.
It explained that ransomware is a type of malicious software that encrypts data files and demands payment in return for the key to decrypt the files. GNCIRT advised that a payment should never be made as there is no guarantee that the attackers will provide the decryption key. Instead, all precautions should be taken to prevent a successful attack.
It said that the current trend is for the malware to be propagated via spam email with malicious attachments. The subjects of the emails relate to alleged ‘Invoices’, ‘Payments’, ‘Payment Notices’ or ‘Wire Transfers’ and typically have a ‘Reference# or Invoice#’ followed by random numbers to appear legitimate. The release said that the emails have an accompanying malicious attachment which is typically a zip file and includes the reference number and words such as ‘invoice’ or ‘info’ or ‘note’. The use of these keywords suggests that the attackers are targeting businesses and organizations involved in processing financial transactions.
Examples of email headers are:
GNCIRT says that all staff accessing emails on their desktops or on their mobile phones must be made aware of this threat. They should be alerted not to click on any suspicious emails or download any suspicious attachments. While the immediate threat is against Microsoft Windows desktop users, mobile phone users are also at risk, it said.
Persons who are using a personal computer at home are advised to delete any suspicious e-mails and to be on the alert for future threats.
Persons using an organization’s e-mail service are advised to immediately report these spam mails to their System and Network Administrator or any such person(s) who may be administering the network and email services.
GNCIRT asks that its advisory be taken seriously.
It also provided the following advice:
- Make regular backups of your data files to limit the loss of data. Daily backups of critical files should be done by the System Administrator.
- Backups should be securely stored away from the computer systems. Flash drives and backup drives should not be left connected to computer systems.
- Alert all staff to exercise caution when opening emails. One careless act can expose an entire network to serious loss of data.
- Pay special attention to emails from unknown email addresses, emails with attachments and emails appearing to suggest payments, receipts and invoices.
- Observe emails that appear to come from known associates with minor variations to their names and email addresses.
- Also be aware of attachments with file extensions that do not match the respective document types, e.g. executable files (.exe, .js, .bat, etc.) masquerading as office documents (.docx, .xlsx, .odt, .pptx, etc.).
Please refer to www.cirt.gy for more details.
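For administrators who want to screen incoming mail for the indicators listed in the advisory, the sketch below is an added example and is not part of the GNCIRT release. It flags the subject keywords, the "Reference#/Invoice#" number pattern, zip attachments named with the lure words, and executable extensions hidden behind a document extension; the function names, reason labels and sample messages are constructed for illustration.

```python
import re

# Patterns taken from the advisory text; names and labels are assumptions.
SUBJECT_KEYWORDS = re.compile(r"\b(invoices?|payments?|wire transfers?)\b", re.I)
REFERENCE_NUMBER = re.compile(r"\b(reference|invoice)\s*#\s*\d{3,}", re.I)
ZIP_NAME_WORDS = re.compile(r"invoice|info|note", re.I)
EXECUTABLE_EXT = {".exe", ".js", ".bat"}
DOCUMENT_EXT = {".docx", ".xlsx", ".odt", ".pptx"}

def extensions(filename):
    """Return every dot-suffix in order: 'a.docx.exe' -> ['.docx', '.exe']."""
    # Windows ignores trailing spaces and dots, so strip them before splitting.
    cleaned = filename.strip().rstrip(". ").lower()
    return ["." + part for part in cleaned.split(".")[1:]]

def flag_message(subject, attachments):
    """Return the list of advisory indicators a message matches (empty if none)."""
    reasons = []
    if SUBJECT_KEYWORDS.search(subject):
        reasons.append("finance-keyword-subject")
    if REFERENCE_NUMBER.search(subject):
        reasons.append("reference-number-subject")
    for name in attachments:
        exts = extensions(name)
        last = exts[-1] if exts else ""
        if last == ".zip" and ZIP_NAME_WORDS.search(name):
            reasons.append("zip-lure-name")
        if last in EXECUTABLE_EXT:
            # An office extension before the real one is the masquerade case.
            hidden = any(e in DOCUMENT_EXT for e in exts[:-1])
            reasons.append("double-extension-executable" if hidden
                           else "executable-attachment")
    return reasons

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = {
    "msg-1": {"subject": "Payment Notice Reference# 4471829",
              "attachments": ["invoice_4471829.zip"]},
    "msg-2": {"subject": "Team lunch on Friday", "attachments": ["menu.pdf"]},
    "msg-3": {"subject": "Q3 report", "attachments": ["report.xlsx.exe "]},
}

def triage(messages):
    return {mid: flag_message(m["subject"], m["attachments"])
            for mid, m in messages.items()}

if __name__ == "__main__":
    for mid, reasons in triage(SAMPLE_MESSAGES).items():
        print(mid, reasons or "no indicators")
```

A match is a reason to quarantine and review a message, not proof of malice, since legitimate invoices share the same wording.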