Latest update February 10th, 2025 7:48 AM
Local businesses placed on high alert about computer malware threat
-hackers demand payment to restore data
The Guyana National Computer Incident Response Team (GNCIRT) is putting local businesses and organsations on alert to the threat of individuals who are causing damage to computer data and demanding payment for that data to be restored.
The warning comes in the wake of a recent incident in which computer data from one prominent Government agency was infected by ransomware.
“The Guyana National Computer Incident Response Team (GNCIRT) had one recent report of ransomware that infected several computers at a prominent Government agency in Guyana and caused irreparable damage to important data files and inconvenience to users,” the GNCIRT release stated.
“Given the global trend, GNCIRT has reason to believe that Guyanese users, especially organisations and businesses processing financial transactions via email, are at high risk.”
“Ransomware is a type of malicious software that encrypts your data files and demands payment in return for the key to decrypt your files. A successful ransomware attack will encrypt your data files and make them unavailable to you.
“When an individual or member of staff tries to access the data files, they are pointed to a ransom note with directions on how to make a payment in order to regain access to the data files.”
“GNCIRT advises that a payment should never be made as there is no guarantee that the attackers will provide the decryption key. Instead, all precautions should be taken to prevent a successful attack.
The release stated that the current trend is for the malware to be propagated via spam email with malicious attachments. The subject of the emails relate to alleged ‘Invoices’, ‘Payments’, ‘Payment Notices’ or ‘Wire Transfers’ and typically have a ‘Reference# or Invoice#’ followed by random numbers to appear legitimate.
The emails have an accompanying malicious attachment which is typically a zip file and include the reference number and words such as ‘invoice’ or ‘info’ or ‘note’. The use of these keywords suggests that the attackers are targeting businesses and organizations involved in processing financial transactions.
Examples of email headers are:
“GNCIRT advises that all staff accessing emails on their desktops or on their mobile phones be made aware of this threat. They should be alerted not to click on any suspicious emails or download any suspicious attachments. While the immediate threat is against Microsoft Windows desktop users, mobile phone users are also at risk for ransomware.
Persons who are using a personal computer at home are advised to delete any suspicious e-mails and to be on the alert for future threats.
Persons using an organization’s e-mail service are advised to immediately report these spam mail to their System and Network Administrator or any such person(s) who may be administering the network and email services.
GNCIRT advised that the following preventative measures be taken:
- Make regular backup of your data files to limit the loss of data. Daily backups of critical files should be done by the System Administrator.
- Backups should be securely stored away from the computer systems. Flash drives and back up drives should not be left connected to computer systems.
- Alert all staff to exercise caution when opening emails. One careless act can expose an entire network to serious loss of data.
- Pay special attention to emails from unknown email addresses, emails with attachments and emails appearing to suggest payments, receipts and invoices.
- Observe emails that appear to come from known associates with minor variations to their names and email addresses.
- Also be aware of attachments with file extensions that do not match the respective document types eg. Executable files (.exe, .js, .bat, etc) masquerading as office documents (.docx, .xlsx, .odt, .pptx, etc).
- Use an antivirus software to scan for malware. There should be online protection as well as scheduled boot scans. It is important that the antivirus software be kept up-to-date to ensure that new strains of the viruses are detected.
- Do not use pirated software, as most pirated software contain malware.
- Plug all vulnerabilities by installing all approved patches (updates) for your operating system and application software.
If infected, GNCIRT recommends the following steps be taken to mitigate the impact:
- Do not pay any ransom demand.
- Disconnect the impacted system/s from the network immediately and quarantine same in a secured location.
- Halt usage of impacted system/s to minimize loss of data.
- Attempt to identify which variant of ransomware you are infected with.
- Notify the Guyana National Computer Incident Response Team
Please refer to www.cirt.gy for more details.
Reference: GNCIRT ALERT #2015-2
The release stated that regionally, Paraguay has recently experienced a ransomware campaign against its citizens.
“GNCIRT asks that this advisory be taken seriously, as failing to do so may make you or your organization the next victim of ransomware.
Similar Articles
THE BLUNT OF THE DAY
Sports
Features/Columnists
Forward to the past
Peeping Tom… Kaieteur News-Guyana’s debt profile, both foreign and domestic, has become a focal point of economic... more
OAS Secretary General Election and renewed OAS Consensus
Antiguan Barbudan Ambassador to the United States, Sir Ronald Sanders By Sir Ronald Sanders Kaieteur News- The upcoming election... more
Weekend Cartoon
