Ransomware – the malware that is holding South African companies at gunpoint

Posted By IRMSAInsight, 25 April 2016



Ransomware is a type of malicious software (malware) that prevents or limits users from accessing their system. It forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to get their data back.

There are different types of ransomware. However, all of them will prevent you from using your computer, server or now even mobile device. They can:

  • Prevent you from accessing your operating system
  • Encrypt files so you can't use them
  • Stop certain apps from running (such as your web browser)


They will demand that you do something to get access to your device or files:

  • Demand you pay money – normally in bitcoins
  • Make you complete surveys

Often the ransomware will claim you have done something illegal and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money.

These attacks can be incredibly lucrative: one researcher found that a hacker made more than $1 million in a single day from hapless users desperate for their data back.

Ransomware has the potential to attack the Internet of Things.  In one instance, a researcher was able to infect a TV with ransomware.

Ransomware is now even attacking smartphones.

Last month, one hospital paid $17,000 in ransom when ransomware attacked its computer system.  The computer network was down for more than a week, and patients had to be transferred to other hospitals.

Prevention Tips

 Essential first steps

  • Use a reputable antivirus solution and ensure it is up-to-date.
  • Regularly back up your important files.
  • Ensure all software is up-to-date, especially highly targeted software like Java, Acrobat Reader etc.
  • Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
  • Awareness is key - Educate all users about the threat.




  • Have a pop-up blocker running in your web browser.
  • Show hidden file-extensions.
  • Filter EXEs in emails.
  • Prevent files from running from the AppData/LocalAppData folders.
  • Disable Remote Desktop (RDP).
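
As an added illustration of the "Show hidden file-extensions" and "Filter EXEs in emails" tips (not code from IRMSA or the original newsletter), this Python example flags executable e-mail attachments, including ones disguised with a document-style double extension. The extension lists, function names and sample e-mail are assumptions constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of directly runnable Windows file types; tune to your mail policy.
BLOCKED = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Document-like extensions that make a blocked file look harmless
# when Windows hides the real (last) extension.
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def classify_attachment(filename):
    """Return 'block-disguised', 'block' or 'allow' for one attachment name."""
    # Keep only the base name, then drop trailing dots/spaces, which Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    # Padding spaces before the real extension are a common way to hide it.
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if not exts or exts[-1] not in BLOCKED:
        return "allow"
    if len(exts) > 1 and exts[-2] in DECOYS:
        return "block-disguised"
    return "block"


def scan_message(raw_bytes):
    """Parse a raw e-mail and return (filename, verdict) for each attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        results.append((filename, classify_attachment(filename)))
    return results


def build_sample_message():
    """Constructed sample e-mail; attachments contain harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see attached.")
    for name in ("invoice.pdf.exe", "setup.exe", "minutes.v2.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample_message()):
        print(f"{verdict:16} {filename}")
```

With file extensions hidden, the first attachment would appear to a user as "invoice.pdf", which is why the two tips work best together.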


Dealing with an Infection


  • Disconnect from WiFi or unplug from the network immediately.
  • Remove the malware with your AV vendor’s removal tools; additionally look at the list provided below. 
  • Use System Restore to get back to a known-clean state.
  • Set the BIOS clock back.
  • Decrypt the encrypted data (tools listed below).


Removal/Prevention Tools





  Decryption tools



Article sources:








