Cyber-criminals are encrypting your computer files and holding them for ransom. This is one of the most difficult attacks to defend, and once encrypted, impossible to overcome without paying for the decryption key. There are several new tactics appearing on the crypto-ransomware scene that we thought were worth a mention.
- From the BBC News website in an article titled “Phishing email that knows your address,” discussed how cyber-crime groups are sending phishing email appearing to come from bill collectors working for legitimate companies. In order to make the email appear more genuine, they are inserting your physical street address into the body of the email. The offered email link will take you to a fake web page where malware for a crypto-malware exploit will be installed.
- Another article from Naked Security looking at the new Zepto ransomware disclosed that this ransomware variant was launched via phishing emails with:
- a DOCM Word documented with VB script macros embedded.
- In either case, the attachment contained the code necessary to start the encryption process by downloading an executable file over the Internet from a command and control server and launching it.
You need to be on your guard for the phishing emails that set up the exploit. I would say at this point if you receive an email that causes feelings of surprise, panic, fear, or alarm, then there is a good possibility that it is a phishing email. Phishing emails, especially spear-phishing emails that are target only at you, are designed to get you into an agitated state of mind; They depend on your emotional response to trick you into hastily clicking on a link or opening an attachment before you develop the presence of mind to think it through. So if this email is making you fearful or anxious, DO NOTHING until you are in a calmer state of mind.Share