Malware And Ransomware Threats 2016
DNS Texas is seeing a large increase in the amount of phishing and malicious emails hitting our systems. As a result, we are providing this information so you can better protect yourself, in the event one of these malicious emails/files makes it to your inbox or computer. This is a living document and will be updated with any new information as we run across it. Please feel free to share your suggestions and note anything we may have missed in the comments area below.
Definitions
Ransomware – the process of restricting access to an infected computer or file(s) in some way that demands the user pay a ransom to the malware operators to remove the restriction. Many forms of ransomware encrypt files on a local hard drive or network drive, while others can completely crash your computer or make it run extremely slowly. Ransomware payloads can be hidden in cleverly crafted emails disguising themselves as speeding tickets, overdue invoices or other items that you would instinctively open to ‘see what they are’.
Malware – is a generic term that refers to a variety of unwanted software, including viruses, trojan horses, spyware, scareware and other malicious programs.
Phishing – is a term used to describe the luring of unsuspecting users to fall victim to a scam. Typical phishing scams might impersonate a bank, have a real looking website and encourage you to login to check something. When you enter your banking login on the phishing site, the bad guy now has your bank login. Make sure you always check the URL in your browser to be sure you’re at the right place before typing in credentials!
Be Aware Of These File Types
Common malicious file attachments include .SCR, .PDF, .EXE, .ZIP and .RAR files. You should only open attachments from persons you are expecting emails with attachments from. Be aware that oftentimes emails may appear to be from people in your address book, but when looking closer, the sender will have a different email address than usual. These are typically fake or ‘spoofed’ emails.
Be Aware Of These Subject Lines & Subject Lines Like These!
- USPS – your package is available for pickup (parcel <random number>)
- USPS – missed package delivery
- Scan from Xerox Workcentre
- Important – Attached Form
- McAfee Protection Reactivation
- Payroll Received By Intuit
- Invoice <random number>
- Scanned From A Xerox Workcentre
- New Voicemail Message
- My Resume
- Important – New Outlook Settings
- ADP Payroll: Account Charge
- ACH Notification
- ADP Reference #<random number>
- Corporate eFax Message From <random number>
- Past Due Invoices
- Voice Message From Unknown Caller (random number)
- Scan Data
- Incoming Money Transfer
- Overdue Incoices <- note the misspelling
- Document (2).pdf, Document (1).pdf
- Emailing: IMAGE-<random number>.docx
- Emailing: img#.xlsx (where # is a random number)
- Recent Bill
- Bill N-<random string>
- CCE<random number>_<random number>
- Requested Receipt ID:<random string>
- Wire Transfer #<random number>#
- This is an ongoing list – more will be added as found.
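The file types and subject lines above are easy to turn into a mail-filter check. The following is an added example (not DNS Texas code) that scores a raw message against the page's attachment types, a handful of the listed subject lines, and the "familiar name, unfamiliar address" spoofing sign; the address book and the sample messages are constructed for illustration.

```python
import os
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment types the page lists as commonly malicious.
RISKY_EXTENSIONS = {".scr", ".pdf", ".exe", ".zip", ".rar"}

# Subject lines from the page's list; "<random number>" becomes \d+.
SUBJECT_PATTERNS = [
    r"^USPS .*package",
    r"^Scan(ned)? from (a )?Xerox Workcentre",
    r"^Invoice \d+$",
    r"^Overdue Incoices$",            # the misspelling is itself the tell
    r"^ADP Reference #\d+$",
    r"^Wire Transfer #\d+#$",
    r"^Emailing: IMAGE-\d+\.docx$",
    r"^Emailing: img\d+\.xlsx$",
]

def flag_email(raw, address_book):
    """Reasons a raw message looks like one of the lures above. address_book maps a
    lower-cased display name to its known address, so a familiar name arriving from
    an unfamiliar address is reported as spoofed (assumed data structure)."""
    msg = message_from_string(raw)
    reasons = []
    subject = (msg.get("Subject") or "").strip()
    if any(re.search(p, subject, re.IGNORECASE) for p in SUBJECT_PATTERNS):
        reasons.append("suspicious subject: %r" % subject)
    name, addr = parseaddr(msg.get("From") or "")
    known = address_book.get(name.lower())
    if known and known.lower() != addr.lower():
        reasons.append("display name %r usually comes from %s, not %s" % (name, known, addr))
    for part in msg.walk():
        filename = part.get_filename()
        if filename and os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            reasons.append("risky attachment type: %s" % filename)
    return reasons

def build_sample(sender, subject, filename):
    """Construct a small test message (not a real capture) with one attachment."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    m.add_attachment(b"not a real payload", maintype="application", subtype="octet-stream", filename=filename)
    return m.as_string()
```

A message matching none of the three checks returns an empty list, so the function can gate quarantine or simply annotate the subject for the recipient.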
Highest Threats (As Of March/April 2016)
You receive an email stating that an encrypted Microsoft Office attachment is enclosed. The typical message body will show ‘INVOICE 2016-M# <random number>’. This message should be deleted as it is not real.
MAKTUB
This is a new strain of Russian ransomware. The name ‘MAKTUB’ is Arabic for ‘Fate’. This malware is spread by email and typically contains attachment(s) with the .RTF and/or .SCR extension. When opened, a ‘terms of service agreement’ is shown; while you read the terms and conditions, your files are being encrypted in the background.
Cryptolocker & Variants
This is one of the earlier strains of ransomware, encrypting files and demanding money for the unlocker to decrypt the files. You may or may not get the actual unlocker after paying the ransom…
PETYA
Infects your computer by no longer allowing it to boot up. The system will come up with a fake “Blue Screen of Death”, as known by Windows operating system folks. This BSoD will actually be a red and white screen with a skull and crossbones. Cleanup of this monster must be performed before Windows boots, i.e. from the recovery console or a bootable thumb drive/CD.
Locky
This malware is primarily targeting the banking industry. More about this one is available here: http://www.cutimes.com/2016/03/18/locky-ransomware-infecting-90000-systems-daily
Speed Trap & Court Summons Malware
This malware comes via e-mail and is disguised as either a missed court summons (failure to appear) or a speeding ticket. This speeding ticket might be from a state you haven’t visited, so you know it’s fake… but wait… did you know the latest variants actually use city/street names for where you live? Scary! Keep in mind, police and court systems around the United States DO NOT email you violations; they will always come to you via postal service to your license plate registered address or driver’s license address.
Sum Of Money Scams
These have been around for years, but are always worth noting… Diplomats in foreign countries offering you large sums of money for ‘helping them’, or for acting on behalf of someone who has passed away by dispersing their funds, will nearly always be a 100% scam.
Best Protection Methods
Follow these step(s) to help protect yourself from common malware and ransomware variants:
- Keep virus definitions up-to-date! All major antivirus companies regularly release new definitions for their products. You should ensure that your computer is up-to-date or that your organization is pushing frequent antivirus updates to your machine(s).
- Use a 3rd party prevention software program like Malwarebytes. The free Malwarebytes will scan your computer and allow you to remove anything found; the drawback is you must manually run it when you suspect something is not right, which might be too late. You can optionally purchase the full version of Malwarebytes – the purchased version updates automatically and runs in the background to complement your antivirus product.
- Common sense is a great tool in fighting scams. Just remember the old saying: “if it sounds too good to be true, it probably is!”.
- Remove any unused or unneeded external drives. Crypto-malware infects any drives it can find. Having a USB stick or external hard drive plugged in, should you get infected, will also infect your external drives, which are typically used for backups. Obviously if your computer and backup copy of data get encrypted, you are at a 100% loss.
- Be aware of the websites you are visiting and avoid clicking any ads or following directions on pop-ups. If you encounter a pop-up that states you’re the lucky winner or uses some other annoying tactic, you should force close it using Task Manager, as sometimes clicking ‘no’ or ‘yes’ will have the same result on the pop-up and can ultimately lead to infection. Task Manager can easily be started by pressing CTRL-ALT-DEL and choosing ‘Task Manager’ or ‘Tasks’. Look under running processes and find your browser in the list (iexplore.exe for Internet Explorer, firefox.exe for Firefox or chrome.exe for Google Chrome).
- Use a reliable 3rd party backup service to safeguard your data. There are many out there, including the DNS Texas offsite backup service, which is not affected by crypto-malware. More information on our offsite backup services is available here: http://www.dnstexas.com/products/backup-solutions
Conclusion
As these types of malware continue to propagate, they are getting more and more sophisticated. Current crypto-variants can encrypt not only local and network drives, but also crawl out and infect Dropbox, Google Drive and Microsoft OneDrive too. Speed trap or court notice emails are actually starting to use local street/city names too. Contact DNS Texas if you would like more information or have additional questions.
DNS Texas customers should forward any SPAM or phishing emails to [email protected] for review and blocking.