It’s still big business for crooks, most of whom have switched from the “Nigerian Prince” letters because it’s a far easier way of generating money.
An employee gets an official-looking email about an invoice or a spreadsheet. They click on the link. Boom: all your data is encrypted, and you have to pay 2 Bitcoin (about $1,500.00) to get it back (and sometimes you don’t.) You lose business, and the ultimate cost ends up being much higher.
There are two main lines of defense against ransomware: Backup and Education
1 – Backup
If you’re not backing up your files, you’re vulnerable to data loss, which can cost you big time. Many people back up their files manually to an external drive. And that’s good, but there are problems with this system.
- It’s hard to remember what files have been modified on any given day
- It’s easy to forget to do your backup
- A local disk is susceptible to theft or damage, or can fill up.
- You can actually back up corrupted files if you’re not aware of when the infection took place. The nasty thing with many ransomware viruses is that they start to encrypt your files, and only give you the popup warning after the process is complete.
I recommend a cloud-based, dynamic backup system; I use Carbonite™ (and I’m not a paid shill for the company.) For the roughly 11¢ per day that the service costs me, I do whatever I need to on my computer and sleep well at night, knowing that if there’s a disaster of any sort – ransomware, hard drive crashes, fire, theft, you name it – I can get my critical data back. I once had a hard drive crash without backup, and it cost me over 3 grand to have a forensic data specialist retrieve my files (a ripoff, Seagate would have done it for half the price, but that’s another story.)
2 – Education
Educate yourself, and educate your friends, family, and employees. People click on things without thinking, and that’s never been good computing practice. It’s more important than ever to be careful about links contained in emails.
Have a look at this selection of emails that I received just this week:
Subject: Payment Information
Good afternoon. Thank you for sending the bill.
Unfortunately, you have forgotten to specify insurance payments.
So, we cannot accept the payment without them.
All details are in the attachment.
Subject: E-Mailed Invoices Invoice_6F839240
Please find attached your latest purchase invoice.
**************************************************
Any queries with either the quantity or price MUST
be notified immediately to the department below.
**************************************************
Yours sincerely, Sales Ledger Department
Tel: +44 (0) 4215 189 115
Subject: Urgent
Our accountant informed me that in the bill you processed, the invalid account number had been specified.
Please be guided by instructions in the attachment to fix it up.
Subject: Urgent Alert
We have detected a suspicious money ATM withdrawal from your card.
For your security, we have temporarily blocked the card.
All the details are in the attachment. Please open it when possible.
Subject: Delivery status
Dear Client! Our delivery department could not accept your operation due to a problem with your current account.
In order to avoid falling into arrears and getting charged, please fill out the document in the attachment as soon as possible and send it to us.
Subject: Invoice for 893547 21/11/2016
This email confirms that your goods have been dispatched. Please find attached your Invoice in PDF format. Please note this document will only be sent in electronic form.
Subject: Attention Required
Our HR Department told us they haven’t received the receipt you’d promised to send them.
Fines may apply from the third party. We are sending you the details in the attachment.Please check it out when possible.
Subject: E-Mailed Invoices Invoice_CE576080
Please find attached your latest purchase invoice.
**************************************************
Any queries with either the quantity or price MUST
be notified immediately to the department below.
**************************************************
Yours sincerely, Sales Ledger Department
Tel: +44 (0) 5458 175 571
Subject: Please Pay Attention
Greetings! Informing you that the contractor requires including VAT in the service receipt.
Sending the new invoice and payment details in the attached file.
Please open and study it as soon as possible – we need your decision.
Subject: Insufficient funds
Dear info,
Your bill payment was rejected due to insufficient funds on your account.
Payment details are given in the attachment.
Subject: Important Information
Dear info, your payment was not processed due to the problem with credentials.
Payment details are in the attached document.
Please check it out as soon as possible.
Subject: Please Pay Attention
Dear info, we have received your payment but the amount was not full.
Probably, this occurred due to taxes we take from the amount.
All the details are in the attachment – please check it out.
Subject: Please note
Your tax bill debt due date is today. Please fulfill the debt.
All the information and payment instructions can be found in the attached document.
Subject: Urgent
Dear Client! We have to inform you that payments for contractors’ services were insufficient.
Thus, we are sending the report and the amount details in the attachment.
Subject: Order #9406386
Dear info, sending the receipt for the order #9406386.
You made it last week. Please check it out as soon as possible.
The receipt with all info is in the attached file.
Every single one of these came with zip file as an attachment. And every single one would have downloaded ransomware to the computer of anyone who was careless enough to open the file.
There are some red flags here:
- My company address is “info@abc.com”, and most of these emails start out as “Dear info.”
- The English in many of these emails is unnatural or grammatically wrong.
And yet people will still open these emails, and still click the attachments. If businesses take data security seriously, every employee will be given training on how to recognize data threats.
Please be careful out there.
The Old Wolf has spoken.
Playing in the World Game 
Pingback: The Scammers Keep Trying | Playing in the World Game