E-Mail Attachments Can Be Dangerous - Ransomware

Ransomware Trojan

Among the many online scams, viruses, hoaxes and insidious threats like data-encrypting ransomware attacks, there is one method that seems to be very popular right now.

You would have to be pretty disconnected from local and national news to not have heard of ransomware by now. The software gets installed onto your computer when you open a malicious attachment in an email or download a file from a website where infected files are offered to you in place of something you really wanted or expected to download.

By now, many people are leery of opening ZIP or "compressed" file attachments, so the purveyors of these attacks have switched to an easier method. All e-mail based cons are effective if the sender can convince you to open the attachment and then install it or run it on your computer. That triggers the malware to start its job of either silently downloading the encrypting software in the background or simply executing the encryptor that is already present in the file you opened.

Lately we have noticed a particular type of email that purports to be an online order, refund request or order confirmation, attached in a common Microsoft Word file format (not zipped or compressed in any way). When you open the document to see what you supposedly purchased or what the invoice is all about, you are presented with a graphic overlay that obscures the content of the fake invoice. That graphic overlay asks you to click or enable some content so you can see the message behind it. If you do this, you will have begun the install of some nasty software that will likely encrypt all of your data, any attached backup devices and any other disks or drives that you can normally access on your network.
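For readers who administer a mail system, the following is an added example (not part of the original advisory) of checking Word attachments for embedded macros, on the assumption that the "enable content" prompt described above is Word's macro security prompt. The sample message, addresses and file names are constructed for the demonstration, and a "no-macro-found" result does not by itself mean a file is safe.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary .doc files

def classify_attachment(data: bytes) -> str:
    """Classify attachment bytes by content, not by file name."""
    if data.startswith(OLE_MAGIC):
        # Old binary Word format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
        # Modern Word files are ZIP archives; VBA macros live in vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
    return "no-macro-found"

def scan_message(raw: bytes) -> dict:
    """Map each attachment file name in a raw e-mail to its classification."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_payload(decode=True))
            for part in msg.iter_attachments()}

def _fake_docx(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word file (placeholder bytes, no real macro)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed sample message with three attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Your order confirmation"
    msg["From"], msg["To"] = "billing@example.com", "you@example.com"
    msg.set_content("Please see the attached invoice.")
    for name, data in [("invoice.docm", _fake_docx(True)),
                       ("notes.docx", _fake_docx(False)),
                       ("refund.doc", OLE_MAGIC + bytes(504))]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{name}: {verdict}")
```

Attachments reported as "macro" or "legacy-ole" are the ones to quarantine or review before anyone opens them.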

Once it has done its work in the background, you will be presented with an alert and a demand to pay the hackers some amount of money, usually in a virtually untraceable currency called Bitcoin. If you pay the criminals, you will likely get a code that will decrypt your files until the next time the software decides to run or the hackers run short on cash (whichever comes first).

If you keep a full backup of your data, you back it up at some regular interval AND that backup device is not attached to your computer when you get infected, then you can skip the payment, simply restore your computer's data from a clean backup and save yourself the grief.

Consider the many cloud-based backup solutions you can subscribe to (links below) that keep copies of your data "off site" and keep many versions over time. Even if you don't notice the ransomware for a few days and those encrypted files get backed up, you can opt to restore data from a date before you got infected with the ransomware.

To simply trust that your data will always be safe on your computer without backups is naive and foolish. The risk of data corruption due to hard drive failure, loss or theft is real. The added risk of internet-based threats that will hold all your precious data ransom is equally real and has been hitting private individuals and large institutions alike.

Take a few minutes to google "ransomware" and learn more about this threat. Also, watch for the latest rash of email-based ploys to deliver the malware to your PC (image attached to this post). Be very careful what you open, be skeptical of every unexpected email with an attachment urging you to open it, keep up-to-date antivirus / anti-malware software installed on your computer and back up your data frequently, either to a device that you disconnect after it backs up or to a cloud-based solution (hosted as a service on the internet) where many days' worth of copies are stored so you can choose to restore one file or all of your data from any date you choose.

Ransomware affects Apple (Mac), PC (Windows) and Linux operating systems.

If you have been the victim of one of these attacks, you should report it to police. Although we cannot recover your encrypted data, we need to keep records about these incidents just like any other crime. Before you pay the hackers, speak with police. If you have followed any of the advice here, you may be able to recover without helping to support the criminal subculture behind these scams.

Some useful links:
http://www.cbc.ca/news/technology/ransomware-what-you-need-to-know-1.297...
http://www.cbc.ca/news/canada/ottawa/dog-charity-gets-files-back-after-r...
http://www.pcmag.com/article2/0,2817,2288745,00.asp
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.a...