I have written many times about ransomware because it continues to be a major problem for businesses, governments and individuals alike. Ransomware is the name for malware that, once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal then threatens to destroy the data unless a bounty is paid. In 2017 we experienced two massive ransomware attacks against millions of computers around the world. These were the infamous WannaCry and Petya ransomware attacks. Later, the city government of Atlanta became a victim of ransomware when some of its systems were frozen using the infamous SamSam family of malware, which has been used successfully against a number of companies and municipalities. In its 2018 Verizon Data Breach Report, Verizon, which gathered data from 65 organizations in 65 countries, found that ransomware, which was only the 22nd most common malware in 2014, is now the number one most common malware used by cybercriminals.

GandCrab is a common form of ransomware that continues to evolve and become more sophisticated. According to security firm Kaspersky, GandCrab accounts for 40% of the current ransomware market. It is a market because the developers of GandCrab, like the developers of other types of malware, create their malware and then sell or lease it to less sophisticated criminals on the Dark Web, which is that part of the Internet where criminals buy and sell goods and services.
Like all malware, ransomware must be downloaded onto your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails. Many of the spear phishing emails containing links to the GandCrab ransomware come with subject lines that read “My love letter to you,” “Fell in love with you,” “Wrote my thoughts down about you” or something similarly themed. Other times the ransomware may come with an attachment that appears to be an invoice.
Because ransomware attacks, like most other types of malware attacks, are spread through phishing emails that lure unsuspecting people into clicking on malware-infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate.
You should also update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website: https://www.nomoreransom.org/en/decryption-tools.html. It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up-to-date security software on your computer and phone, it will not protect you from the latest zero-day defect malware, which is malware that exploits previously undiscovered vulnerabilities.
As for protecting yourself from ransomware, you should regularly back up all of your data on at least two different platforms, such as in the cloud and on a portable hard drive.