Phishing Attacks Now Have Ransomware Payloads

Do you back up everything every hour when your system is busy, and at least once a day when it is not? Do you disconnect your backup devices from your system when they are not actually backing up? You may have answered the first question affirmatively. However, if you answered the second, “No, I always keep my backup devices running,” you could be vulnerable to a phishing attack.


Yes, your firewalls are secure, and Kaspersky or some other top antivirus software is watching your back. But you have another exposure that can open your front door to attacks.

Here’s how phishing works: Your employee (or maybe your own child) receives this friendly looking (albeit bogus) email from someone they know or some organization they consider benign. The email has text to the effect “Wow! We really loved this picture of (insert entertainer’s name) at the last concert. Open the attachment (or click this innocent looking link) and see if you agree!”

Whether the email has an attachment or a link, one of two bad things can happen:

1. The disguised .jpg attachment

Everyone knows that a .jpg image is harmless, right? Wrong. Say the image attachment is titled concert.jpg. What scammers actually do is bank on the fact that most computers hide file extensions by default.

The actual file extension is either .exe or .zip, so the file’s real name is concert.jpg.zip (or concert.jpg.exe). The .zip (or .exe) part gets hidden, but click on it and it goes to work. The work can be anything from spraying hostile code to inserting bots that take over your computer and also go after your contact list to propagate outward.
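As an added example (not code from the original post), here is the kind of defensive check a mail gateway or helpdesk script can apply to attachment names: it flags the concert.jpg.zip / concert.jpg.exe pattern, where the last, hidden extension is executable or an archive while the visible one looks like an image, and it also looks inside .zip attachments for such members. The extension lists and the constructed sample zip are assumptions for illustration.

```python
import io
import zipfile

# Assumed, illustrative lists; extend them to match your own environment.
BENIGN_DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "hta", "msi", "pif"}
ARCHIVE_EXTS = {"zip", "rar", "7z"}


def split_extensions(filename):
    """Return the lower-cased extension chain of a basename, e.g. 'Concert.JPG.zip' -> ['jpg', 'zip']."""
    base = filename.strip().lower().rsplit("/", 1)[-1]
    return [p for p in base.split(".")[1:] if p]


def is_disguised(filename):
    """True when the real (last) extension is executable or an archive, but the extension
    a user sees with 'hide extensions' enabled (the one before it) looks benign."""
    exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    real, visible = exts[-1], exts[-2]
    return real in (EXECUTABLE_EXTS | ARCHIVE_EXTS) and visible in BENIGN_DECOY_EXTS


def scan_zip_members(data):
    """Return member names inside a zip that are executables or themselves disguised."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            exts = split_extensions(name)
            if (exts and exts[-1] in EXECUTABLE_EXTS) or is_disguised(name):
                flagged.append(name)
    return flagged


def verdict(filename, data=None):
    """Classify one attachment by its name and, for zips, by its contents."""
    if is_disguised(filename):
        return "block: deceptive double extension"
    exts = split_extensions(filename)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        return "block: executable attachment"
    if exts and exts[-1] == "zip" and data is not None:
        bad = scan_zip_members(data)
        if bad:
            return "block: archive contains " + ", ".join(bad)
    return "allow"


def build_sample_zip(member_name):
    """Constructed sample input: an in-memory zip holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"not really an image")
    return buf.getvalue()
```

Running `verdict("concert.jpg.exe")` returns the double-extension block, while `verdict("photos.zip", build_sample_zip("concert.jpg.exe"))` blocks on the archive's contents.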

2. The little link that could do damage

Click on that link lure and you’ll be taken to a hostile site. The site is waiting to download the equivalent of digital landmines into your system. Or it could be a connection to the Darknet where this guy with a Russian-sounding name is waiting to kidnap your system through the pernicious ransomware attack.

And now, the double ransomware whammy…

Ransomware is not a new threat, having been around for several years. But as potential victims have grown wary of malware, and spam email is increasingly shunted to the junk box, crooks have adapted. Email phishing attachments might go beyond the social and look like an authentic invoice or electronic fax.

According to the FBI, ransomware attacks “are not only proliferating, they’re becoming more sophisticated.” Where they were once just delivered through spam emails, now unwary web surfers can trip over legitimate websites with malicious programming, which takes advantage of unprotected end-user portals.

The ransomware, once introduced, encrypts files on local drives and on anything else hooked up to the system, including backup systems and devices.

A semi-final word about backing up

If, despite all your precautions, a phishing attack is successful and you see that scary ransomware message on your computer monitor, you’ll have but two options: 1) pay the ransom, or 2) restore your system from an uninfected backup source.

Paying the ransom brings no guarantee that whoever is holding your system for ransom will send the decryption code. They might, but they are just as likely to further infect your system with additional malware. However, if you followed the advice to run frequent backups on devices only connected to your system during the backup operation, you can recover. You will only lose data entered or changed after the last backup.

Finally, the importance of a business continuity plan

Nothing will cripple your business like shutting down access to your financial and other proprietary data. The lost revenues and extra expenses can cut deeply into a business’s bottom line, and business disruption insurance won’t cover the intangibles like loss of customer confidence. So a well-designed backup protocol is just one element of an agile business continuity plan.

In the meantime, beware of bogus emails bearing dangerous attachments and links. Even if you know the originator, you can’t be sure they are not sending you a bomb disguised as a smooch.

Centerpoint IT is the trusted choice when it comes to staying ahead of the latest information on security threats, technology tips, tricks, and news. Contact us at (404) 781-0200 or send us an email at info@centerpointit.com for more information.