XMI SECURITY UPDATE
Last time we discussed “phishing” attacks, which continue to be prevalent, and today’s topic, ransomware, goes hand in hand with them.
In recent years, we’ve seen a dramatic increase in ransomware being delivered through phishing emails. Attackers usually send an attachment with a name such as “URGENT ACCOUNT INFO” and a file extension of “.PDF.zip” or “.PDF.rar,” which slips by the unsuspecting victim and infects the computer with its malicious software. This attack often encrypts the entire hard disk or its files and documents, or freezes a network, and demands a bitcoin payment in exchange for a “key” that will unlock the data. Luckily, many keys actually do unlock the data – this way future victims are more likely to pay – but recent attacks are just taking the money.
From an organizational perspective, a ransomware attack can be devastating and costly. While many of these threats are known, they remain highly elusive and difficult to detect because of the number of variants being produced specifically to circumvent existing detection methods. For example, attackers have become much more skilled at avoiding attachments altogether, instead piggybacking on known email addresses to send messages that ask a user to log in to a familiar site to complete an activity. This activity then exposes the user to the ransomware.
WHAT CAN YOU DO
To minimize your chances, as an individual, of falling victim to these dirty schemes, here are a few steps you can take:
- DO NOT open emails in the spam folder or emails whose senders you do not know.
- DO NOT open attachments in emails of unknown origin.
- Use reputable antivirus software, such as the XMI-provided Webroot.
- Perform a regular backup to an external medium (external hard drive or the cloud).
- After backing up, disconnect your drive. Current ransomware is known to encrypt your backup drive as well.
- DO NOT pay the ransom. The reason criminals keep using this form of blackmail is that people keep paying. Work with your support personnel.