Skip to Content

Protect Yourself against Ransomware

Ransomware is a malicious software that cyber criminals used to lock the files stored on the infected computer devices. These locked files are like hostage and the victims are required to follow the instructions of this malicious software and pay a ransom to unlock them.

Security Tips to Effectively Defend Against Ransomware


  1. Perform regular backups on important data and keep the backup copies disconnected from the computer
  2. Install the latest patches for operating systems and software in use
  3. Keep your anti-malware program and signatures up-to-date
  4. Schedule a regular full scan to detect and guard against malware attacks
  5. Do not open any suspicious emails or instant messages, as well as the attachments and hyperlinks inside
  6. Refrain from visiting suspicious websites or downloading any files from them
  1. Causes and ImpactCauses and Impact
  2. Screenshots of InfectionScreenshots of Infection
  3. Preventive MeasuresPreventive Measures
  4. What Should I Do if Infected?What Should I Do if Infected?
  5. Reference Tools on DecryptionReference Tools on Decryption
  6. VideosVideos
  7. InfographicsInfographics
  8. Promotional EventsPromotional Events
  9. Extended ReadingsExtended Readings

Causes of Infection and Impact

Causes of Infection

  • Open suspicious emails, or attachments and hyperlinks inside
  • Visit websites embedded with malicious programs
  • Download and install software or mobile apps that are embedded with ransomware

Impact

  • Files inside the computing device and other connected storage devices are locked. These data would be lost unless timely backup is available.

Screenshots of Ransomware Infection

The following screenshots illustrate the stages of a computer being infected by a ransomware. It should be noted that different ransomware will have different behaviour.

Step 1 of 7: Files with known extension on a computer before infected by ransomware

Step 1 of 7: Files with known extension on a computer before infected by ransomware



	Step 2 of 7: The user opens a program embedded with ransomware

Step 2 of 7: The user opens a program embedded with ransomware



Step 3 of 7: The ransomware starts to encrypt the files inside the computing device

Step 3 of 7: The ransomware starts to encrypt the files inside the computing device



Step 4 of 7: All documents, photos and media files are encrypted by ransomware

Step 4 of 7: All documents, photos and media files are encrypted by ransomware



Step 5 of 7: A text file is created telling that the files inside have been encrypted

Step 5 of 7: A text file is created telling that the files inside have been encrypted



Step 6 of 7: A graphic file is also created and informs the user of the same content

Step 6 of 7: A graphic file is also created and informs the user of the same content



Step 7 of 7: The wallpaper is changed at last

Step 7 of 7: The wallpaper is changed at last



Preventive Measures

  • Perform regular backups on important data and keep the backup copies disconnected from the computer
  • Install the latest patches for operating systems and software in use
  • Apply least privilege principles to all systems and services
  • Keep your anti-malware program and signatures up-to-date
  • Enable firewall protection
  • Schedule a regular full scan to detect and guard against malware attacks
  • Disable or restrict all unnecessary services and functions such as Remote Desktop Service (RDP) in computer systems
  • Disable all unnecessary ports such as SMB ports (TCP ports 139 and 445) from Internet access
  • Disable macros for Microsoft Word, Excel and other office applications by default
  • Do not open any suspicious emails or instant messages, as well as the attachments and hyperlinks inside
  • Refrain from visiting suspicious websites or downloading any files from them
  • Install software and mobile apps from trusted sources, do not install those apps if suspicious permission rights are required
  • For business operations with a higher risk of exposure to malware infection such as customer enquiry emails handling, a dedicated computer with no network drives and restricted network connectivity to internal network should be used to minimise the impact of infection and the handling staff should keep alert of possible infection


Anti-malware security software

What Should I Do if Infected?

  • Disconnect the network cable of the computer to avoid affecting network drives and other computers
  • Power off the computer to stop the ransomware from encrypting more files
  • Jot down what have been accessed (such as programs, files, emails and websites) before discovering the issue
  • Report to the Hong Kong Police Force for technology crime
  • Recover the data from backup to a clean computing device

Reference Tools on Decryption

You may check if there is any reference tools to recover the encrypted files. Apart from the below reference tools, you could also visit the “The No More Ransom Project” and ID Ransomware (a free website that helps victims identify what ransomware may have encrypted their files) websites to check whether there is a solution available for the infected files.

Videos

INFOSEC Video – Ransomware
INFOSEC Video – Ransomware
Duration: 2:34
HKPC YouTube Channel: 加密勒索軟件襲港 電腦用戶如何自保?(Chinese only)
Duration: 3:47
The Police Public Relations Branch (PPRB) of the Hong Kong Police Force - Beware of Ransomware
Duration: 2:01

Infographics

Promotional Events

Past Events

Date Event Organiser

7

05 / 12/ 2017 –
04 / 12/ 2018
Fight Ransomware Campaign
  • Hong Kong Productivity Council
  • Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
  • Office of the Government Chief Information Officer (OGCIO)

6

09 / 12 / 2017
Subject Talks on "New Era of IT" - How to Minimize the Infection of Ransomware?
  • The Hong Kong Public Libraries

5

20 / 06 / 2016
中小企網絡安全研討會 勒索軟件襲港 網絡安全你要知
  • Hong Kong Productivity Council

4

31 / 05 / 2016
Build a Secure Cyberspace 2016 – “Protecting Data from Ransomware Attacks” Seminar
  • Office of the Government Chief Information Officer (OGCIO)
  • Hong Kong Police Force (HKPF)
  • Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

3

30 / 05 / 2016
Cyber Security Conference 2016 cum Formation of Cyber Security Alliance
  • Hong Kong Information Technology Federation

2

19 / 04 / 2016
學校資訊保安講座:加密勒索軟件 ~ 防範、數據保障與解決方案
  • Association of I.T. Leaders in Education (AiTLE)

1

22 / 03 / 2016
學校資訊保安講座:加密勒索軟件 ~ 危害、影響與解決?
  • Association of I.T. Leaders in Education (AiTLE)
  • 香港小學電子教育協會

Extended Readings and Other Resources

免責聲明:用戶亦應留意網絡安全資訊站中的重要事項。在下載及使用保安軟件或工具前,請細閱相關的用戶協議和私隱政策。

Back to Top