-
Crime
- Commercial Crimes
- Dishonest Misappropriation Of Property
- Cybercrime
- Housebreaking
- Theft In Dwelling
- Motor Vehicle Theft
- Outrage of Modesty
- CDSA and CMA Bill Amendments
- Sexual Crime
- Voyeurism
- Snatch Theft
- Scams
- Theft Of Bicycle and Personal Mobility Devices
- Unlicensed Moneylending
- Crime Prevention Posters
- Scams Bulletin
- Traffic
- Airport Security
- Donation Draw and Lucky Draw
- Online Criminal Harms Act
- Infrastructure Protection
- Security Outcome-Based Contracting
- Crime
- Commercial Crimes
- Dishonest Misappropriation Of Property
- Cybercrime
- Housebreaking
- Theft In Dwelling
- Motor Vehicle Theft
- Outrage of Modesty
- CDSA and CMA Bill Amendments
- Sexual Crime
- Voyeurism
- Snatch Theft
- Scams
- Theft Of Bicycle and Personal Mobility Devices
- Unlicensed Moneylending
- Crime Prevention Posters
- Scams Bulletin
- Traffic
- Traffic Matters
- Road Safety Tips
- Road Safety Campaigns
- Road Safety Challenge
- Airport Security
- Known Consignor Regime
- Regulated Air Cargo Agent Regime
- Donation Draw and Lucky Draw
- Conduct of Lucky Draw and Donation Draw
- Online Criminal Harms Act
- Introduction to OCHA
- Application for Reconsideration
- Appeal to Reviewing Tribunal
- Infrastructure Protection
- Infrastructure Protection Act
- Protected Areas and Protected Places
- Special Developments / Special Infrastructures
- Building Security
- Security Outcome-Based Contracting
- Security Outcome-Based Contracting
FAQs on Ransomware
- What is ransomware?
Ransomware is a type of malware designed to encrypt files on a device until a ransom, typically in cryptocurrency, is paid to decrypt the files. Some ransomware variants will also try to spread to other machines on the network and, in some cases, the data of ransomware victims may be exfiltrated, leading to the loss of important data.
- How does ransomware infect your computer?
Ransomware commonly spreads through the following means:
- Phishing emails that contain malicious links or attachments. Clicking on these links typically results in the ransomware being downloaded from an external server.
- Malicious advertisements that may exploit vulnerabilities in the web browser to install ransomware, commonly known as “drive-by downloads”.
- Other methods include brute-force attacks, exploitation of insecure Remote Desktop Protocols (RDPs), unpatched Virtual Private Networks (VPNs), replication through removable media and spam campaigns.
- Phishing emails that contain malicious links or attachments. Clicking on these links typically results in the ransomware being downloaded from an external server.
- How will I know if my computer is infected?
Common signs of ransomware infection include:
- Pop-up messages requesting funds or payment to unlock files.
- You cannot access your devices, or are unable to login for unknown reasons.
- Files request a password/code to access them.
- Files have been moved or are not in their usual folders or locations.
- Files have unusual file extensions, or their names or icons have changed to something odd.
- Pop-up messages requesting funds or payment to unlock files.
- How can I protect my computer from ransomware?
Here are some steps you can take to protect yourself from ransomware:
- Install anti-virus/anti-malware software and keep these (and their definition files) updated. Perform a scan of your systems and networks regularly, and scan all received files..
- Organisations can also consider implementing network segmentation that divides a larger network into smaller sub-networks with limited inter-connectivity between them. This will control traffic flow between the sub-networks, prevent lateral movement and limit the spread of ransomware, should one part be compromised.
- Use strong passphrases and enable Two-Factor Authentication (2FA) for all internet-facing services, particularly for webmail, VPNs and accounts that access critical systems.
- Be careful what you click on. Ransomware attacks often start with a malicious email or link. Be careful about clicking on links in emails from unknown senders.
- Back up your data regularly. If you have a recent backup of your data, you can restore it if your computer is infected with ransomware.
- Install anti-virus/anti-malware software and keep these (and their definition files) updated. Perform a scan of your systems and networks regularly, and scan all received files..
- What should I do if I think my computer has been infected with ransomware?
- Disconnect the infected computer from all network access, storage devices and Bluetooth devices.
- Scan and disinfect PC with antivirus or anti-malware programs.
- Visit the NoMoreRansom website to find out the type of ransomware affecting your device and check on the availability of the decryption tool.
- Perform data restoration from your backup sources. Most types of ransomware create some form of persistence in the infected computer, and may re-encrypt data if not properly removed. As such, be sure to perform data restoration on a clean installation that is completely free of the malware.
- Lodge an online police report.
- If you are an organisation and have a data breach incident that is likely to cause significant harm* to the affected individuals, OR affects a significant scale of individuals (i.e., 500 or more), you are legally required to notify the Personal Data Protection Commission (PDPC). For more information, visit the PDPC website.
- If your computer has been infected, you can contact SingCERT (Singapore Cyber Emergency Response Team) to report the incident and for further advice on what to do.
- If your organisation is a victim of ransomware, you may refer to CSA’s ransomware response checklist on steps to identify, contain, remediate and recover.
- Disconnect the infected computer from all network access, storage devices and Bluetooth devices.
- Should I pay the ransom?
Ransom payments are strongly discouraged. There is no guarantee that paying the ransom will result in the decryption of your files. In fact, it encourages threat actors to continue their criminal activities and target more victims. Payments do not guarantee that the data will be decrypted, or that your data will not be published by the threat actors. Threat actors may also see your organisation as a soft target and may strike again in the future.
- What should I do if I have already paid the ransom and my files are still encrypted?
Ransomware is a cybercrime and should be reported to the Police. For any data breaches, report to the Personal Data Protection Commission (PDPC).*
- How can I prevent ransomware attacks?
- Ensure that your mobile phones and computing devices are updated regularly with the latest OS versions and install anti-virus applications that can detect and remove malware.
- Download files, including applications and updates, directly from official verified sources as this ensures that downloaded files are free from malware or viruses.
- Backup your data regularly in a separate system and keep it offline to retain access to your data in the event of a ransomware incident. Such data backups can be done using an external hard disk that is disconnected from your devices or in the Cloud.
- Avoid clicking on suspicious-looking links and pop-up ads or opening files and email attachments from unknown senders.
Example of Ransom Note ▼
Source: BleepingComputer.com
The best way to prevent ransomware attacks is to take steps to protect your computer from malware. You can do so by following the steps below to ensure that your devices are adequately protected against malware:
Read more on how to protect your systems and data from ransomware attacks.
*Note: If you are an organisation and have a data breach incident that is likely to cause significant harm* to the affected individuals, OR affects a significant scale of individuals (i.e., 500 or more), you are legally required to notify the Personal Data Protection Commission (PDPC).
In collaboration with CSA
