Guyana on alert for cyber attacks

 

ORGANISATIONS and businesses processing financial transactions via email in Guyana are at high risk of ransomware attacks, a computer containment method used by cyber hackers to restrict access to computers and demand payment for access by users. The attacks are on the rise globally, and at least one government agency in Guyana has experienced it. According to a release from the Guyana National Computer Incident Response Team (GNCIRT), a unit attached to the Ministry of Public Security, citizens should be aware of a sudden surge in ransomware attacks being experienced globally.
Ransomware is a type of malicious software which encrypts or takes control of one’s computer data files, and demands payment in return for the key to decrypt those files. According to the release, a successful ransomware attack will encrypt one’s data files and make them unavailable to one. Subsequently, when an individual or member of staff tries to access the data files, that person is pointed to a ransom note with directions on how to make a payment in order to regain access to the data files.

The GNCIRT said that security researchers have reported a nine-fold increase in ransomware attacks over a two-week period. Regionally, Paraguay has recently experienced a ransomware campaign against its citizens.

GNCIRT said it has received a recent report of ransomware infecting several computers at a prominent government agency in Guyana and causing irreparable damage to important data files and inconvenience to users. Against the backdrop of a global trend, the body believes that Guyanese users, especially organisations and businesses processing financial transactions via email, are at high risk.

In addition, the body is advising that payment should never be made, as there is no guarantee that the attackers will provide the decryption key. Instead, all precautions should be taken to prevent a successful attack.

According to the release, the current trend is for the malware to be propagated via spam email with malicious attachments, and the subjects of the emails relate to alleged ‘Invoices’, ‘Payments’, ‘Payment Notices’ or ‘Wire Transfers’. They typically have a ‘Reference Number’ or ‘Invoice number’, followed by random numbers to appear legitimate.
Such emails have an accompanying malicious attachment, which is typically a zip file, and include the reference number and words such as ‘invoice’ or ‘info’ or ‘note’. The use of these keywords suggests that the attackers are targeting businesses and organizations involved in processing financial transactions, the release said.
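For mail administrators, the indicators described in the release can be turned into a simple triage rule. The following is an added example, not part of the GNCIRT release: the function names, the rule for holding a message and the four-digit minimum for a reference number are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Subject lures and attachment keywords are the ones named in the release.
SUBJECT_LURE = re.compile(r"\b(invoices?|payments?|payment notices?|wire transfers?)\b", re.I)
# "Reference Number" / "Invoice number" followed by digits (minimum length is an assumption).
REF_NUMBER = re.compile(r"\b(?:reference|invoice)\s*(?:number|no\.?|#)?\s*:?\s*(\d{4,})", re.I)
ATTACH_WORD = re.compile(r"(invoice|info|note)", re.I)


def triage(msg):
    """Return the indicators from the release that this message matches."""
    hits = []
    subject = msg.get("Subject", "")
    if SUBJECT_LURE.search(subject):
        hits.append("subject_lure")
    ref = REF_NUMBER.search(subject)
    if ref:
        hits.append("reference_number")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        hits.append("zip_attachment")
        if ATTACH_WORD.search(name):
            hits.append("attachment_keyword")
        if ref and ref.group(1) in name:
            hits.append("reference_reused_in_filename")
    return hits


def should_quarantine(msg):
    """Hold for review when a financial lure arrives together with a zip attachment."""
    hits = triage(msg)
    return "zip_attachment" in hits and ("subject_lure" in hits or "reference_number" in hits)


def build(subject, filename=None):
    """Construct a sample message (constructed data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "accounts@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    if filename:
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg
```

A rule like this only narrows what staff need to look at; held messages still need review by the administrator before release or deletion.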

GNCIRT advises that all staff accessing emails on their desktops or on their mobile phones should be made aware of this threat. They should be alerted not to click on any suspicious emails or download any suspicious attachments. While the immediate threat is against Microsoft Windows desktop users, mobile phone users are also at risk of ransomware infection.
Persons using a personal computer at home are advised to delete any suspicious e-mails, and to be on the alert for future threats; while persons using an organization’s e-mail service should immediately report these spam mails to their System and Network Administrator, or to any such person(s) who may be administering the network and email services.

In addition, several preventative measures can be taken. These include the regular backup of data files to limit the loss of data, while daily backups of critical files should be done by the System Administrator. Such backups should be securely stored away from the computer systems, and flash drives and backup drives should not be left connected to computer systems.

Persons should exercise caution when opening emails, since carelessness can expose an entire network to serious loss of data.
In addition, persons should pay special attention to emails from unknown email addresses, those with attachments and emails appearing to suggest payments, receipts and invoices.

Computers should also be equipped with antivirus software, to scan for malware, and there should be online protection as well as scheduled boot scans.

In the event one’s computer is affected, GNCIRT advises, persons should not pay the ransom demanded. In addition, persons should immediately disconnect the impacted system from the network, and quarantine same in a secure location.

The GNCIRT should be notified in the event of such attacks. The unit can be contacted by telephone on 222-8862 or by email at info@cirt.gy.
