Beware Sneaky New Ransomware Attacks

Question

I recently opened what looked like a resume in Outlook which made everything go crazy. Now I’m locked out of my files with a message that says I need to pay to get them back. What do I do?

Answer

This question was answered on September 16, 2015. Much of the information contained herein may have changed since posting.

You've been hit by one of the many sophisticated ‘ransomware’ attacks that have recently seen a surge in popularity among hackers.

This has become a very lucrative extortion scam for organized cyber-crime groups, generally thought to be located in Eastern Europe and Russia.

There are two reasons that we’re seeing another surge in ransomware: better social engineering and crowd-sourcing.

In your case, you were opening what you thought was a resume, which likely means that you were on a business computer.

In the past, the cyber-thieves were happy to snag anyone that fell for their traps, but now they are specifically focusing on businesses.

They have learned that businesses are more likely to pay the hefty ransoms because they can’t operate without the files that are being held hostage.

They also know that they only need to get one person in a company to fall for the scam in order to hold the entire company hostage.

Think like a hacker for a minute; by finding companies that are actively posting employment ads, it’s more likely someone will open an attachment that’s posing as a resume for a posted ad.

They’re also replying to Craigslist ads with rigged malware documents posing as resumes.

Anyone either posting or applying for a job needs to understand this new threat and think about changing how they interact.

Employers should look into one of the many online employment resources that allow applicants to create online resumes instead of using e-mail attachments.

Those looking for jobs should think about other ways to get their work experience in front of employers, such as fully filled out LinkedIn profiles or the resources offered by online employment.

The crowd-sourcing development in ransomware attacks is the most disturbing thing to me.

In the past, cyber-thieves had to pay hefty sums to get their hands on the ransomware attack programs, but not anymore.

Anyone that knows how to navigate the ‘dark web’ can find a number of places to download a ransomware kit and spread it however they want.

When someone pays up, a ‘commission’ is paid by the developer to whoever distributed the attack.

Recently, we've seen versions that instantly resend the infection automatically to thousands of people in the address book of the infected computer to help spread the threat.

If you don’t have a good off-site backup of your critical data, your only options are to pay the ransom (which encourages these guys to continue) or start over without the infected data.

We've all heard it over and over again: DON’T OPEN E-MAIL FILE ATTACHMENTS, but these guys are really good at creating scenarios that encourage people to let their guard down.

They know most businesses couldn't survive a complete loss of their critical business data, which is why they've stepped up their game.

Whether you’re a home or business user, if you haven’t reviewed and verified your off-site backup system recently, consider this a wake-up call!

Author

Posted by Ken of Data Doctors on September 16, 2015