I have been warning you about the dangers of ransomware for five years, but today’s development is something we have never encountered before. Ransomware is the name for malware that, once installed on a computer, often unwittingly through clicking on links in spear phishing emails, encrypts and locks all of the victim’s data. The cybercriminal who sent the ransomware then threatens to destroy the data unless a bounty is paid. Ransomware attacks have been made against government agencies, companies and individuals. Like all forms of malware, ransomware must be downloaded onto your computer in order to cause problems. This is generally done by luring people into clicking on links or downloading infected attachments contained in spear phishing emails.
Last week the U.S. Treasury’s Office of Terrorism and Financial Intelligence issued two advisories warning victims of ransomware that paying ransoms will put them at risk of significant penalties for violating federal sanctions and for violating money laundering laws. The Treasury specifically mentioned concerns about payments to groups such as Russia’s Evil Corp and North Korea’s Lazarus Group, both of which are active perpetrators of ransomware attacks.
For the last five years, protection from ransomware has focused on backing up your data daily so that if you do become a ransomware victim, you do not feel compelled to pay the ransom because your data has been protected. However, some cybercriminals have changed their ransomware tactics. Recently, the University of Utah announced that it had paid $457,059 to cybercriminals who used ransomware to attack the University’s computers and encrypt its data. What was unusual about this was that the University of Utah had backed up all of its data and was in no danger of losing the data if it did not pay the ransom. However, in a relatively new tactic that has recently been employed against law firms and others, the cybercriminals threatened to make public the sensitive information they stole if a ransom was not paid. We are now seeing about 10% of ransomware attacks involve making public the data accessed by the cybercriminals.
Because ransomware attacks, as well as most other types of malware attacks, are spread through phishing emails that lure unsuspecting people into clicking on malware-infected links or downloading attachments tainted with malware, you should never click on links in emails or download attachments unless you have absolutely confirmed that the email is legitimate. Ransomware attacks are not limited to cities and large institutions. They are also used to attack individuals and extort money from them, so everyone should be wary of these attacks.
You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically. Many past ransomware attacks exploited vulnerabilities for which patches had already been issued. The No More Ransom Project has a website that provides decryption tools for some of the older versions of ransomware that are still being used. Here is a link to their website: https://www.nomoreransom.org/en/decryption-tools.html. It is important, however, to remove the ransomware before downloading and using the decryption tools. This can be done using readily available antivirus software. It is also important to remember that even if you have the most up-to-date security software on your computer and phone, it will not protect you from the latest zero day defect malware, which is malware that exploits previously undiscovered vulnerabilities.
Another precaution you should follow is to regularly back up all of your data on at least two different platforms, such as in the Cloud and on a portable hard drive. However, this will not protect you from a ransomware attack that threatens to make public your data, so everyone should truly focus on not just protecting data in the event of a ransomware attack, but on preventing such attacks through security software and training to recognize phishing and spear phishing emails.