Wednesday, December 8

São Paulo Civil Police publishes guide against ransomware

The Civil Police of São Paulo released a guide to combat and prevent ransomware, a dangerous cyber crime that has been active in Brazil.

The material was produced by the State Department of Criminal Investigations (DEIC), in its cybercrime division.

It is worth remembering that responsibility for evaluating cyber crime cases rests with the Civil Police, who are called upon when such cases occur. In the state of São Paulo, for example, many agencies have already been targeted by ransomware, such as the Municipality of Taboão da Serra, in a recent case in August 2021.

What does the anti-ransomware material released by the Civil Police of São Paulo say?

In explaining what ransomware is, PC-SP states that it is malicious code that runs on victims’ computers. Through this unauthorized access, all stored data is encrypted and becomes inaccessible to the victim.

After the attack is carried out, the cybercriminal moves on to the second stage, which consists of negotiating with the victim a payment for the recovery of the data.

Another practice that can occur at this stage is so-called exfiltration, which consists of transferring the victim’s files to other devices. Thus, in addition to demanding a ransom payment, criminals threaten to publish the victim’s information on the internet.

According to the Civil Police, avoiding ransomware means keeping operating systems and other software in use, such as the Office suite, up to date. The guide also recommends using original software and avoiding programs from unknown sources.

Another practice recommended by the guide concerns backups, which must be made routinely so that they are always up to date.

Make sure you back up your files regularly. This includes the files on your computers, phones, and any other devices you have.
2.1. Make an “offline” or “cold” backup.
2.2. Back up the data to an external hard drive and remove the hard drive from your device.
2.3. Make a backup to the cloud or a similar online hosting service.

Other best practices are to keep antivirus and anti-ransomware software installed and to scan files after downloading them. Do not keep macros enabled in the Office suite, use a firewall, disable automatic recognition of external devices on your computer, and beware of unknown links to internet sites.

I’ve been affected by ransomware, now what?

If your computer has been locked by malware that demands a ransom payment, the Civil Police recommends trying to restore your most recent backup.

If you don’t have a recent backup, you will need to reinstall your operating system, which can lead to data loss. Seeking help from well-known IT professionals, or even specialized companies, can be one of the solutions, since some ransomware is fake and doesn’t even get installed on the victim’s computer.

Regarding payment of the ransom, the São Paulo police authority advises that a victim should never pay, as there is no guarantee that the data will be unlocked and the attacker can attack again in search of new payments.

It is important that victims do not delete the emails and messages received from the criminal. If the negotiation takes place through social networks, it is important to record the profile name and full link.

If the conversation is over the phone, it is important to record the criminal’s number, as well as the date and time of the conversations. When the criminal asks for payment, write down the Bitcoin wallet and, if possible, the bank account details, and take all this information to the Civil Police station closest to your home.

“d) Write down the data of any bank accounts, including electronic wallets of bitcoins reported by the criminal;”

The São Paulo Civil Police guide against ransomware can be downloaded for consultation at this link.