It has only been a couple of days since I wrote about another major ransomware attack, and now there is another to report. Ransomware is malware that, once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal who sent the ransomware then threatens to destroy the data unless a ransom is paid. This time the victim of the attack is Virtual Care Provider, Inc. (VCPI), a company that provides computer services to 110 nursing homes in 45 states around the country. After infecting the 80,000 computers maintained by VCPI with the Ryuk malware strain through phishing emails, the cybercriminals are demanding a Bitcoin ransom equivalent to 14 million dollars. Among the records blocked by the ransomware are critical medical records for VCPI’s nursing home residents.
Like all forms of malware, ransomware must be downloaded onto your computer in order to cause problems. This is generally done by luring people to click on links or download infected attachments contained in spear phishing emails.
While we are aware of the many ransomware attacks targeting hospitals, government agencies and companies, it is important to remember that ransomware attacks also occur against individuals, so it is important to take steps to protect yourself from this threat.
Because ransomware attacks, like most other types of malware attacks, are spread through phishing emails that lure unsuspecting people into clicking on malware-infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate. Ransomware attacks are not limited to cities and large institutions. They are also used to attack individuals and extort money from them.
You should also update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website: https://www.nomoreransom.org/en/decryption-tools.html. It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up-to-date security software on your computer and phone, it will not protect you from the latest zero-day malware, which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the cloud and on a portable hard drive.