Ransomware

A New Email Threat

Ransomware Joins Viruses and Phishing

A Common Thread in Malware
Social engineering is extensively used to distribute ransomware as well as malicious viruses and ‘phishing’ for information. Email is the most common vector – usually with malware sent as an attachment (typically zip, doc, or xls files). As criminals harvest email addresses from unknowing victims, it’s possible that the sender email on a ransomware attempt is someone you know, or a business you are familiar with.

We attended a conference on security in the information technology industry with a panel of experts that included the FBI Special Agent who leads the cyber security effort in New York. We learned that 80% of ALL data theft begins with ‘phishing’. That happens when a person clicks on a link or a file attachment in an email.

What Happens in a Ransomware Attack
Criminals using social engineering send emails that look like legitimate business communications. A new variant, “Goldeneye”, offers a PDF attachment with a job application, and that PDF suggests opening an aptitude test in an accompanying Excel file. If that Excel file is opened, the malware will begin to encrypt both the local disk's Master File Table and many disk files. If you are unlucky enough to have that happen, there is a ransom request just to be able to start the computer (the Master File Table), and if that is paid, a separate ransom request to decrypt the disk files themselves, potentially requiring two separate (and expensive) payments to criminals. For more information and technical details on this particular variant, see the Sophos Goldeneye article.

How You Can Prevent Ransomware
Ideally, never open ANY email attachment, but if you must, take a moment to ask some common sense questions:
• Do you know the sender?
• Why would the sender include an attachment?
• Verify any link to a web page by typing the domain name (like mystore.com) into a web browser

Almost all malware is preventable if you stay alert and cautious.
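For an IT provider who wants to apply the checks above to a saved message, the following Python script is an added example (not code from BRS Dental Software): it lists attachments of the types named in this article (zip, doc, xls) and the real domains behind any links in the body. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Attachment types the article names as typical malware carriers.
RISKY_EXTENSIONS = {".zip", ".doc", ".xls"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def triage(raw: bytes) -> dict:
    """Return the sender, risky attachments and link domains of one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky, domains = [], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Check the final extension only, so "invoice.pdf.zip" is caught.
            if PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS:
                risky.append(name)
        elif part.get_content_maintype() == "text":
            # Collect the host each link really points to.
            for url in URL_RE.findall(part.get_content()):
                domains.add(urlparse(url).hostname)
    return {"from": str(msg["From"]), "risky_attachments": risky,
            "link_domains": sorted(d for d in domains if d)}

def build_sample() -> bytes:
    """Constructed sample: a fake shipping notice with a link and a .xls file."""
    m = EmailMessage()
    m["From"] = "Parcel Service <notify@shipping.example>"
    m["To"] = "frontdesk@practice.example"
    m["Subject"] = "Your shipment"
    m.set_content("Track your package: http://tracking.example.net/t?id=123\n")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="vnd.ms-excel", filename="label.xls")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="pdf", filename="receipt.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A flagged attachment or an unfamiliar link domain is a reason to stop and ask the questions above, not proof of malware.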

Work with your local IT hardware service provider to limit the vulnerability of your network. Ask if most or all users can run without “administrator” privileges, which can limit a malware attack.

A Recent Example
Recent malware attempts have included emails that look as though they come from well-known shipping companies like FedEx, UPS, and DHL. Think about it: Did you send a package? Do you expect a shipment? Do you recognize the sender? Don’t click on a link to a website. Instead, copy the tracking number and use your browser to go to the shipping company website. And don’t be curious—act only if you need to.

Even with current security and anti-virus software installed on your computer, it’s possible that ransomware can still get through. The malware is constantly being changed, and it’s difficult to keep up to date with all the variants. In most cases, when ransomware is launched by opening an email attachment, the user is asked to allow it to run (and even to bypass security warnings on the computer).

What If You Suspect Ransomware Is Running on Your Computer?
Immediately disconnect your network connection, to prevent further network attacks. Turn off your computer power (or if a laptop, shut down as quickly as possible). Do not turn on your computer. Call your local IT or network support company and describe the situation.

What You Can Do in Advance
Making sure you have regular and current backups of critical files might eliminate the need to ever pay ransom if your files are encrypted. There are also commercially available tools to remove malware and decrypt some variants. If you experience an attack, it’s especially important that your IT service provider carefully check all network drives to make sure that those files have not been encrypted by the malware.

The last line of defense is a personal password manager. We recommend RoboForm Everywhere and 1Password.

BRS Dental Software will assist you. Contact me for additional information or to discuss your situation and any concerns.

Randall B. Smith
Sr. VP Consulting & Support
BRS Dental Software