Another day and another sophisticated phishing scam has hit the headlines. This recent batch of file-encrypting ransomware including CryptoLocker, CryptoWall and CryptoDefense, and botnet kits like Zeus, are all deemed particularly nasty.
Disguised as genuine correspondence from well-known delivery companies FedEx, UPS and Australia Post, banks like Lloyds in the UK, and certain government organisations, they trick users into clicking a link and downloading an executable file. Once executed it infects the user's workstation and encrypts the user’s files, making them inaccessible to the user before demanding a bitcoin ransom to provide the decryption key.
While malware attached to emails can be stopped effectively by email filters, these ransomware scams appear as phishing emails containing links to malware instead of the malware itself. These recent incarnations don’t tend to be stopped by just one security measure alone.
Their legitimate appearance and ability to slip through email filtering nets has been catching uninformed email users and businesses unawares. To help reduce the risk of your computer files being encrypted and subsequently your business held to ransom, you should ensure you have multilayered security measures in place.
Multilayered security includes user education about the current dangers and understanding what you should keep an eye out for. Firstly, if you receive an email purportedly from a person or an organisation you weren't expecting, it should be treated with caution. If ever in doubt, call the company of the sender directly or check with your IT administrator.
If you do happen to receive an email from a bank or government organisation, never enter in any passwords, personal or banking details. This also includes emails that ask you to click an unverified web link and enter in personal details. Always be sure to go directly to the website yourself when logging into online accounts, and never from a link that is provided to you in an email.
It is also extremely important to keep your files safe by ensuring you have routine data backups. Keep in mind that some ransomware can affect your USB drives or shared networks, so be cautious about where you store your backed up data.
You can better protect your computer systems by adding email filtering, web filtering and desktop anti-virus. Keep in mind that choosing an email and web filtering service delivered through the cloud, you won’t have to rely solely on your desktop anti-virus which requires regular updates. Cloud filtering is updated in real-time to assist in combating fast-breaking spam.
By taking on board these recommendations you can better protect yourself from any future attacks. Always remember, if an email seems suspicious or just too good to be true, it probably is. Get scam wise, and be sure to throw that phish back!
