Ransomware. You could be next...

Posted by Brian McDonald on 2/7/2017

Remember the menace lurking in your employees' inboxes that the email filter didn't block? The Egyptian prince with millions to give you? "Microsoft" telling you to call them immediately with your credit card and Social Security number ready?

For schools and education, the new evil is encrypting ransomware: an incredibly sinister type of malware, usually delivered through spear-phishing emails to staff or students, that locks up valuable data and documents and demands a ransom to release them, often starting around $600 per victim. And it is out there waiting for you. The FBI estimates ransomware is on pace to be a $1 billion source of income for cyber criminals by the end of 2017.

The numbers don't lie, folks. The explosion of ransomware variants is working its way into all organizations, but especially education and schools. Why? Big business, baby, and a huge return on investment for the attackers successful in using it. An average of 30,000 infections per month!

At this very moment, one of you could be clicking a link in a spam email and enabling macros in a malicious Word document. Within minutes, your data, as well as the organization's data, will be encrypted and held for ransom, with only a few days to pay to get it back.

Here is how it goes down:

  1. Initially, the victim receives an email that includes a malicious link or a malware-laden attachment. Alternatively, the infection can originate from a malicious website that delivers an exploit for vulnerable software already on the victim's PC (an outdated browser or plugin, for example) to create a backdoor.
  2. If the victim clicks the link or downloads and opens the attachment, a small downloader (the first-stage payload) is dropped on the affected PC.
  3. The downloader works through a list of domains or command-and-control (C&C) servers run by the criminals to fetch the actual ransomware program.
  4. The contacted C&C server responds by sending back the requested data, in our case, the ransomware.
  5. The ransomware starts encrypting the victim's files: documents, photos, databases, anything of value on the local disk. That includes data in cloud accounts (Google Drive, Dropbox) synced to the PC, because the synced copies are ordinary local files and the encrypted versions are then uploaded back to the cloud. It will also encrypt data on network shares the user can write to, which is how one infected PC damages other computers on the local network.
  6. A warning pops up on the screen with instructions on how to pay for the decryption key in Bitcoin, which is difficult for law enforcement to trace back to a person.

[Image: ransom note]

The click-to-infection chain above happens in seconds.  Literally... seconds.

How can you protect yourself and the organization?

Fake emails and web pages often have bad spelling or just look unusual. Look out for strange spellings of company names (PayePal instead of PayPal), unusual spaces, symbols, or punctuation, and run-on words or sentences (iTunesCustomerService instead of iTunes Customer Service). Check the actual sender address, not just the display name: a message that says "PayPal" but comes from a domain that is not paypal.com is a red flag.
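The heuristics above can be turned into an automated check on the From: header. The following is an added example written for this page, not code from the original post or from any product: it flags near-miss spellings of a known brand in the sender domain, brand names embedded in unrelated domains, display names that claim a brand while the address comes from elsewhere, and run-on display names. The brand list, the edit-distance threshold, and the sample headers are all constructed for the example.

```python
"""Flag sender addresses that imitate a known brand (added example, not from the original post)."""
import re
from email.utils import parseaddr

# Constructed brand list: brand keyword -> the domain that legitimately sends mail for it.
# A real deployment would load this from configuration.
KNOWN_BRANDS = {
    "paypal": "paypal.com",
    "itunes": "apple.com",
    "microsoft": "microsoft.com",
    "dropbox": "dropbox.com",
}

# Assumed threshold: a domain label within 2 edits of a brand is treated as a near-miss.
NEAR_MISS_DISTANCE = 2


def levenshtein(a, b):
    """Edit distance between two strings (small values mean a near-miss spelling)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def brand_label(domain):
    """Naive registrable-domain label: 'mail.payepal.com' -> 'payepal'.
    Assumption for the example: two-label public suffixes (co.uk) are not handled."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def check_sender(from_header):
    """Return the reasons a From: header looks like brand impersonation (empty list = nothing found)."""
    reasons = []
    display, address = parseaddr(from_header)
    domain = sender_domain(address)
    label = brand_label(domain)
    for brand, real_domain in KNOWN_BRANDS.items():
        if domain == real_domain or domain.endswith("." + real_domain):
            continue  # mail really from the brand's domain; nothing to flag for this brand
        # 1. Near-miss spelling of the brand in the domain (PayePal vs PayPal).
        if label != brand and levenshtein(label, brand) <= NEAR_MISS_DISTANCE:
            reasons.append(f"domain label '{label}' is a near-miss of '{brand}'")
        # 2. Brand name embedded in a domain the brand does not own (paypal-secure.net).
        elif brand in label:
            reasons.append(f"domain '{domain}' embeds '{brand}' but is not {real_domain}")
        # 3. Display name claims the brand (spaces and symbols ignored) while the address
        #    comes from somewhere else entirely.
        if brand in re.sub(r"[^a-z0-9]", "", display.lower()) and brand not in label:
            reasons.append(f"display name '{display}' claims '{brand}' but address is @{domain}")
    # 4. Run-on words in the display name (iTunesCustomerService): two or more
    #    lowercase-to-uppercase transitions with no space between the words.
    if len(re.findall(r"[a-z][A-Z]", display)) >= 2:
        reasons.append(f"display name '{display}' runs several words together")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers: one legitimate, two imitations.
    samples = [
        "PayPal <service@paypal.com>",
        "PayPal Billing <billing@payepal.com>",
        "iTunesCustomerService <help@itunes-support.info>",
    ]
    for header in samples:
        findings = check_sender(header)
        print(header, "->", findings or "no findings")
```

The legitimate header produces no findings because the domain matches the brand's real domain; the two imitations each trip more than one rule, which is the point of layering the heuristics rather than relying on any single one. A short edit-distance threshold will still miss homoglyph tricks (a Cyrillic "а" in place of a Latin "a"), so treat this as one signal among several, not a verdict.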

  • Do not visit unsafe or suspicious websites while at work.
  • Do not open email attachments from people or entities you don't know, or from people or entities you do know but weren't expecting email from.
  • Do not click "Enable Content" or enable macros in a document just because it tells you to; that prompt is exactly how the malicious Word document described above gets to run.
  • Bottom line: if you are unsure, delete it and don't click it!