Last year was the year of online extortion. In 2016 there was a 300% increase in online extortion attempts. Over one million US businesses were infected with ransomware by year end. This year the ransomware threat continues with malicious software and viruses that are more sophisticated than ever.
What is Ransomware?
Ransomware is unlike any virus you are accustomed to. It is not an attack on computer systems – it is an attack on human vulnerabilities. These sophisticated viruses prey on human mistakes in order to take control of your organization. These threats require just one user to make just one ill-fated mouse click. That one click could be devastating to your entire organization.
Ransomware is a form of malicious software developed to restrict users’ access to their data until a ransom is paid to the hacker in exchange for a decryption key to unlock the files. Ransomware encrypts all files it gains access to, such as image files (JPEG, TIF, etc.), Adobe PDF documents, Microsoft Office files (Word, Excel and PowerPoint documents) and any other files the computer user has direct access to.
Ransoms are usually demanded in bitcoin, a form of cryptocurrency or digital money that is very difficult to track. In addition, a time limit is imposed upon the victim – generally a period of 24 hours from the time the malware encrypts the files. If the victim neither pays the ransom nor restores the data from their own backup solution before the deadline, the key is destroyed and access to the files is lost forever.
Unlike the authors of traditional viruses, the hacker is completely uninterested in the contents of the files being attacked. These individuals are not trying to obtain your corporate data. They are not trying to steal corporate credit cards or bank information. A ransomware infection is a quick and dirty extortion attempt that exploits a company’s reliance upon its digital files, in the hope that the organization lacks sufficient recovery tools and is thus forced to pay to regain access to its data.
How Does Ransomware Infect My PC?
If your organization is to reduce its risk of becoming infected with ransomware, your users must understand how ransomware exploits human error to gain access to the user’s computer files. In this month’s blog I’m going to discuss how ransomware is transmitted by email. Next month’s column will introduce the role malicious websites and software downloads play in the spread of ransomware and additional ways you can minimize your chances of infection.
Most commonly, ransomware is distributed by email to unsuspecting users. Frequently these messages take the form of social media invitations that look identical to the invitations one would receive from a legitimate social media site. An example of two LinkedIn invitation requests is below. The invitation on the left contains malware. The invitation on the right is a legitimate connection request.
Avoid being scammed by managing your online accounts directly from the vendor’s website. Accept social media invitation requests and respond to social media notices from social media applications or directly from the social media websites.
The use of faxing and scanning is prevalent in the modern workplace. Cyber criminals have created phishing emails that look like the eFax and Scan notifications that are commonly seen in businesses. One of the most frequent scams appears to come from Xerox Workcentre and asks the recipient to download the attached scan from their Xerox multifunction device. The attachment contains malicious software. The scam is effective because of the prevalence of Xerox Workcentres in use. Recipients mistake these fraudulent emails for legitimate notices. Even individuals who do not have Xerox equipment fall victim often because they are busy or distracted and do not pay attention to the sender’s information.
Be mindful of the generic emails you receive regarding fax and scan files. If your organization does not receive faxes or scans by email, delete them. If your company frequently receives eFax and Scan notices by email, be diligent in verifying the sender prior to clicking on a link or attachment.
Another threat is email sent generically, in bulk, to lists of addresses that have been mined or purchased, with one goal: to defraud the recipient. This practice is known as phishing. The senders often pose as business vendors that are common to large populations of individuals (such as AT&T, Yahoo, Chase). To the untrained eye, the emails often appear to be legitimate.
A final email scam you must familiarize yourself with is a practice known as spear phishing. A spear phishing attack is a targeted attempt to defraud an individual by posing as someone that he or she knows. You may be thinking “my company is too small to be a victim of an attack like this.” We have seen companies with as few as three employees receive spear phishing emails. In reality, these emails are incredibly easy to fake: today’s sophisticated data and contact mining tools available on the internet (many of them at no charge) provide hackers with everything they need to automate the creation of these messages with relative ease and minimal time. The most effective practice for avoiding these sophisticated attacks is a difficult one to enforce, but doing so is critical to the protection of your computer users: do not open an attachment you are not expecting, even if you know the sender. Consider a “no attachment” policy in your organization. That sounds difficult, but we have one we abide by. Internally, no attachments can be sent from one staff member to another; we use internal cloud-based sharing tools to facilitate document sharing and collaboration. Attachments received from third parties must be verified with a phone call back to the sender before they can be opened.
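The sender check this post keeps coming back to (look at who actually sent the message, not the name it shows) can be mechanized at the mail gateway or in a helpdesk triage tool. The script below is an added example, not code from the original post: it flags mail whose display name or subject claims a brand the post mentions (LinkedIn, Xerox, eFax) while the address comes from an unrelated domain, and flags scan or fax notices carrying executable or archive attachments. The legitimate-domain table and the three sample messages are constructed assumptions for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brands the post names as impersonated, mapped to domains they legitimately send
# from. These domain lists are an assumption for illustration, not from the post.
BRAND_DOMAINS = {
    "linkedin": ("linkedin.com",),
    "xerox": ("xerox.com",),
    "efax": ("efax.com",),
}
# Attachment types a genuine fax/scan notification has no reason to carry.
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".zip", ".docm")


def triage(raw: str) -> list:
    """Return warnings for a raw RFC 5322 message; an empty list means nothing flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    # The brand a user *sees* is in the display name and subject, not the address.
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and not any(domain == d or domain.endswith("." + d) for d in domains):
            warnings.append(f"claims {brand} but sent from {domain or '<no address>'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            warnings.append(f"risky attachment: {name}")
    return warnings


def make_sample(sender: str, subject: str, attachment: str = "") -> str:
    """Build a constructed sample message (not a real capture) as raw text."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", subject
    msg.set_content("Please see the attached document.")
    if attachment:
        msg.add_attachment(b"\x00placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()


# Constructed samples mirroring the lures discussed above.
FAKE_INVITE = make_sample("LinkedIn <invitations@linkedin-mail.example.net>", "Join my network")
FAKE_SCAN = make_sample("Xerox WorkCentre <scanner@example.org>", "Scanned image from WorkCentre", "scan_0042.zip")
REAL_INVITE = make_sample("LinkedIn <invitations@e.linkedin.com>", "Join my network")
```

Running `triage()` over the three samples flags the fake invitation and the fake scan notice (the latter twice, for the sender and the archive) and returns nothing for the genuine invitation; a non-empty result is the cue for the phone-call verification the post recommends.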