Guyana warns of ransomware attacks
GEORGETOWN, Guyana (CMC) – Guyanese officials have told nationals whose computers have come under attack from “ransomware” not to pay any ransom, noting that a government agency has suffered “irreparable damage to important data files”.
The Guyana National Computer Incident Response Team (GNCIRT) said it wanted to alert the general public to the sudden surge in ransomware attacks being experienced globally, adding that security researchers are reporting that ransomware attacks have increased nine-fold in a two-week period.
GNCIRT said it has received one recent report of ransomware that infected several computers at a prominent government agency in Guyana and “caused irreparable damage to important data files and inconvenience to users”.
“Given the global trend, GNCIRT has reason to believe that Guyanese users, especially organisations and businesses processing financial transactions via email, are at high risk,” it added.
Ransomware is a type of malicious software that encrypts your data files and demands payment in return for the key to decrypt your files.
“A successful ransomware attack will encrypt your data files and make them unavailable to you. When an individual or member of staff tries to access the data files, they are pointed to a ransom note with directions on how to make a payment in order to regain access to the data files.
“GNCIRT advises that a payment should never be made as there is no guarantee that the attackers will provide the decryption key. Instead, all precautions should be taken to prevent a successful attack.”
GNCIRT said that the current trend is for the malware to be propagated via spam email with malicious attachments. The subjects of the emails relate to alleged ‘Invoices’, ‘Payments’, ‘Payment Notices’ or ‘Wire Transfers’ and typically have a ‘Reference# or Invoice#’ followed by random numbers to appear legitimate.
“The emails have an accompanying malicious attachment which is typically a zip file and includes the reference number and words such as ‘invoice’ or ‘info’ or ‘note’.”
GNCIRT said that the use of these keywords suggests that the attackers are targeting businesses and organisations involved in processing financial transactions.
“GNCIRT advises that all staff accessing emails on their desktops or on their mobile phones be made aware of this threat. They should be alerted not to click on any suspicious emails or download any suspicious attachments. While the immediate threat is against Microsoft Windows desktop users, mobile phone users are also at risk for ransomware.
“For persons who are using a personal computer at home, they are advised to delete any suspicious e-mails and to be on the alert for future threats.
“For persons using an organisation’s e-mail service, they are advised to immediately report these spam mails to their system and network administrator or any such person(s) who may be administering the network and email services.”
GNCIRT said it was also advising people to make regular backups of their data files to limit the loss of data and that backups should be securely stored away from the computer systems. Flash drives and backup drives should not be left connected to computer systems.
“Observe emails that appear to come from known associates with minor variations to their names and email addresses. Also be aware of attachments with file extensions that do not match the respective document types, e.g. executable files (.exe, .js, .bat, etc.) masquerading as office documents (.docx, .xlsx, .odt, .pptx, etc.).”