SALT LAKE CITY — In the wake of scams like the Google Doc phishing campaign, nobody can open an email and assume it is harmless. Attackers use increasingly sophisticated tricks to get people to open messages and click links that compromise their systems.
Ransomware, or software that blocks access to a computer until a ransom is paid, has become such a pervasive problem that even popular TV shows use the malicious software as a plot device.
On a recent episode of the long-running hit, NCIS, a Navy admiral clicked on the wrong email. As a result, ransomware took over his computer and demanded he pay a ransom to retrieve the contents of his locked data. The admiral refused to pay the fee, claiming that he never gave in to threats. The threat, however, would have destroyed precious family photos of his deceased wife.
Variations of this scenario have played out recently in many countries around the world. In recent months, Germany, Norway and Austria were the most heavily targeted, but the United States and at least a dozen other countries saw the same malware campaign.
The campaign spread the ransomware known as TorrentLocker through more than 50,000 emails that carried links to more than 800 Dropbox accounts. Once clicked, a Dropbox link downloaded the ransomware, which then took over the user's computer.
Now, it's not that people are mindlessly gullible. People simply follow the routines they have been taught and repeat every day. In the TorrentLocker attacks, victims clicked a URL embedded in a perfectly normal, legitimate-looking email, much like the Google Doc scam.
Scams like these are phishing: they capitalize on human nature and habit. TrendMicro, which fights ransomware and other malware, studied the attacks and noticed one important trend: all of them landed when employees opened their email first thing in the morning.
Many employees have developed the habit of checking email as soon as they get into work, and an unpaid invoice or a shared Google Doc doesn't seem far-fetched or out of place in an inbox.
Clicking a Dropbox link seems like a plausible way to get at invoice information, and the text accompanying the link references bills, invoices or account numbers to make it look authentic.
The employee unlucky enough to click the Dropbox link ends up with a terse notice that their files are encrypted, followed by instructions to visit another link to recover the data. That link demands a ransom.
Once the malware is installed, the user's system is locked and inaccessible. Beyond exposing data to the attackers, malware causes a major loss of productivity while companies work out how to repair the damage.
To protect your data, security software experts suggest a few precautions:
Backing up data in three different places (including one off-site location) ensures you won't lose everything in a malware attack. A removable drive, such as a flash drive, can help too, but only if it is disconnected when not in use: ransomware encrypts every drive it can reach, so a backup drive that stays plugged in gets encrypted along with the rest. Backups are also useless unless they are made regularly and you have confirmed they can be restored.
If a sender's display name is slightly off, or the visible text of a link doesn't match the URL it actually points to, pay attention. Misspelled logos or phrases that are slightly "off" can also signal something amiss. Those anomalies are often the first clues to recognizing a malware attack.
Gateway mail scanners can usually filter attachments by extension. Blocking messages that carry ".EXE" attachments, or files with two extensions (a ".pdf.exe" name, for example), keeps many dangerous downloads out of the inbox in the first place. Note that this alone does not stop a campaign like TorrentLocker's, which carries no attachment at all: the payload sits behind a link, so link checks and user awareness have to do that job.
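The two tips above (watch for a sender display name or link text that doesn't match where the mail really came from or where the link really goes, and reject executable or double-extension attachments) can be automated. The script below is an added example written for this page; it is not code from the article or from TrendMicro. It parses one raw message with Python's standard `email` module and reports each anomaly it finds. The `BLOCKED_EXTENSIONS` list is a hypothetical gateway policy, the `registrable_domain` helper is a deliberately naive "last two labels" rule, the Reply-To check goes one step beyond the article's list, and the sample lure with its `example.*` domains is constructed for illustration.

```python
# Added example, not from the article: triage checks for one inbound email.
# Everything here (policy list, domains, sample message) is constructed.
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical gateway policy: never accept these as attachments or link targets.
BLOCKED_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/?#]\S*)?$")
SUFFIX_RE = re.compile(r"\.([A-Za-z0-9]{1,4})(?=\.|$)")

def registrable_domain(host):
    """Naive owner domain, last two labels (www.example.com -> example.com).
    A real scanner would consult the public suffix list (co.uk etc.)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def host_of(text):
    """Hostname of a URL or bare domain, '' if it does not parse."""
    return urlparse(text if "://" in text else "http://" + text).hostname or ""

def domain_of(addr):
    return registrable_domain(addr.rpartition("@")[2])

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message):
    """Return (code, detail) findings for a raw RFC 822 message; [] if clean."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    # 1. Sender: display name shows an address on another domain; Reply-To elsewhere.
    name, addr = parseaddr(str(msg.get("From", "")))
    for shown in EMAIL_RE.findall(name):
        if domain_of(shown) != domain_of(addr):
            findings.append(("DISPLAY_NAME_MISMATCH", f"shows {shown}, sent from {addr}"))
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append(("REPLY_TO_MISMATCH", reply_to))
    # 2. Links: URL-looking text that resolves to another owner domain, and links
    #    straight to executables. This is what catches an attachment-free lure.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            if not href:
                continue
            if URL_RE.match(text) and (registrable_domain(host_of(text))
                                       != registrable_domain(host_of(href))):
                findings.append(("LINK_TEXT_MISMATCH", f"shows {text}, goes to {href}"))
            if urlparse(href).path.rpartition(".")[2].lower() in BLOCKED_EXTENSIONS:
                findings.append(("LINK_TO_EXECUTABLE", href))
    # 3. Attachments: blocked extension, or the "two file extensions" rule.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        suffixes = [s.lower() for s in SUFFIX_RE.findall(fname)]
        if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
            findings.append(("BLOCKED_EXTENSION", fname))
        if len(suffixes) >= 2:
            findings.append(("DOUBLE_EXTENSION", fname))
    return findings

# Constructed lure in the style the article describes (all domains are examples).
SAMPLE_EMAIL = """\
From: "Billing <billing@example-supplier.com>" <mailbox@example.net>
Reply-To: collect@example.org
Subject: Unpaid invoice 2201
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your invoice is overdue. View it here:
<a href="http://files.example.org/dl/invoice.js">https://www.example-supplier.com/invoices/2201</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2201.pdf.exe"

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    for code, detail in triage(SAMPLE_EMAIL):
        print(f"{code:22} {detail}")
```

Run against the constructed lure, `triage` reports all six findings. Two caveats match the article's advice: the attachment rules (`BLOCKED_EXTENSION`, `DOUBLE_EXTENSION`) would never fire on a TorrentLocker-style message, which has no attachment, so the link checks carry that case; and the bare "two extensions" rule also flags harmless names such as an `archive.tar.gz`, so in practice you tune it to the extensions your users legitimately exchange.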
Dropbox is a legitimate site, but the way TorrentLocker uses it is not. The Google Doc scam was especially concerning because the Google Docs were shared by Gmail users’ contacts. Many inherently trust Google Docs sent by people they know and have a habit of instantly clicking if someone shares a document with them.
If something looks suspicious, don’t forward it on. Be especially wary of what you forward so your contacts and others aren’t also subjected to a spreading malware attack.
Extra protection never hurts. There are many anti-malware products, as well as software firewalls that alert you to suspicious behavior. Because malware authors constantly release new variants to evade detection, your anti-malware software may not recognize a brand-new sample, but a firewall that flags unexpected outbound connections may still catch it phoning home.
If you are hit by malware, disconnecting from the Wi-Fi or unplugging the network cable as soon as physically possible may stop communication with the command-and-control (C&C) server before the ransomware finishes encrypting your files. This is treatment rather than prevention, and it is no guarantee, since some ransomware encrypts without ever contacting a server, but as a last-ditch move it's not a bad idea.
Hackers have also grown more sophisticated in how they get paid, demanding Bitcoin and other hard-to-trace forms of payment. Their lure emails reference seemingly legitimate companies, and the wording is increasingly written in the language of the country they target.
Malware is a scourge, but preparation is the antidote. Take care when reading email or clicking a link, and try not to slip into autopilot, even on a Monday morning. It could save you a lot of hassle later.