Watch For Scams Newsletter. Ransom Malware
August 21, 2016
Hello

Ransom Malware

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.


We have had some enquiries asking for more information about ransomware. Ransomware is an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access important data can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items, including family photos, videos, and other data, can be devastating for individuals as well.

In a ransomware attack, a victim sees an e-mail addressed to them, opens it, and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking web address, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim's computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demanding a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals aren’t using e-mails at all — they can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

Paying a ransom doesn’t guarantee an organization that it will get its data back — there have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

Tips for Dealing with Ransomware.

While the tips below are primarily aimed at organizations and their employees, some are also applicable to individual users.

◾ Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data

◾ Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system)

◾ Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans

◾ Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary

◾ Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories

◾ Disable macro scripts from office files transmitted over e-mail

◾ Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs)

◾ Back up data regularly and verify the integrity of those backups regularly

◾ Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!

Steve
