Ransomware - the email virus impacting small business

Australian small businesses should double-check suspicious emails because they may contain destructive ransomware, the Australian Competition and Consumer Commission (ACCC) has warned.

The warning follows the ACCC’s latest Targeting Scams Report that found almost $1 million was lost to ransomware attacks last year. My Business reports ransomware is a malware variant that restricts access to an infected computer system unless money is paid to the scammer to remove the infection.

ACCC deputy chair Michael Schaper said the watchdog received over 2,500 ransomware complaints last year, with over $970,000 reported lost by small businesses. Some individual businesses reported losing over $10,000 to the scams.

The ransomware infected most systems by email. Victims reported opening an email which claimed to be from a reputable source like FedEx or Australia Post.

“Ransomware can see your business losing all of its business and financial records, which may be catastrophic,” Schaper said.
“Many small businesses and consumers have reported that their computer has been frozen, with a pop-up alert that claims to be from the Australian Federal Police stating the computer has been locked because they have visited an illegal website or breached various laws.”

“Scams like this often succeed because they look like messages from a government agency or reliable large corporation. It’s important that small businesses are aware that government agencies will not send these demands and they’re dealing with a scammer.”

SCAMwatch offers business owners the following tips to guard against ransomware:

  • Ensure your computer has a firewall and up-to-date anti-virus and anti-spyware software.
  • Do not click on links or download files in emails you receive out of the blue, especially if they are executable (.exe) files or zip files. These files are likely to contain malware.
  • Use a pop-up blocker as a lot of ransomware is delivered after following links in pop-up alerts.
  • If there is any doubt about the legitimacy of an email supposedly from a legitimate business, do not rely on contact details or links provided or open any attachments – contact the organisation using the number in the telephone directory or on their official website to verify.
  • Regularly back up your computer’s data on a separate hard drive so this can be easily re-installed if your computer is infected by malware or ransomware.
