We have started to see an Internet fraud/threat called “Ransomware” become more and more widespread recently. The fraud/threat tries to make people open malicious e-mail attachments by tricking the recipients with a replica of an invoice or a bank statement, made convincing by mentioning correct personal information, phone number and/or account number in the e-mail.
The mail usually mentions a higher than normal phone bill or a higher than normal bank transaction. If the recipient panics at this figure and opens the attachment to see the details, the ransomware encrypts the files on the disks attached to the computer and asks for a ransom in exchange for the encryption key, which can be used to restore the files.
Usually all documents, spreadsheets, drawings, presentation files etc. are encrypted, and there is usually no way to restore the files without the decryption key.
Having anti-virus software installed on your computer is not guaranteed protection against this threat.
If the victim is using cloud storage, such as DropBox or Google Drive, and the remote storage area is mounted as a disk drive (e.g. Drive E:) for easy access, files on that drive (i.e. on the cloud storage service) will also be encrypted. In this case, having backups on cloud storage services will not help.
The most important protective action against malicious programs attached to e-mail is not opening attachments unless you are certain that the attachment is not an executable program.
MS Windows executable files have extensions such as the following (not an exhaustive list): EXE, COM, JS, JSE, JAR, MSI, PIF, WS, WSF, SCR, SCF, REG, HTA, CPL, MSC, BAT, CMD, VB, VBS.
Before opening an attachment, make sure that the file does not have one of the above extensions. Please also note that MS Windows operating systems usually hide file extensions and display a file’s name as “invoice.doc” rather than its real name, “invoice.doc.exe”.
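The extension check described above can be automated for attachments that have been saved to a directory. The following is an added example, not part of the original advisory; the function names and the sample file names are constructed for illustration, and the extension list is the advisory's own, incomplete one.

```python
# Added example, not part of the original advisory.
# Extension list copied from the advisory, which says it is not exhaustive.
EXECUTABLE_EXTENSIONS = {
    "EXE", "COM", "JS", "JSE", "JAR", "MSI", "PIF", "WS", "WSF", "SCR",
    "SCF", "REG", "HTA", "CPL", "MSC", "BAT", "CMD", "VB", "VBS",
}


def check_attachment(filename):
    """Return (verdict, real_extension, name_shown_with_extensions_hidden)."""
    # Keep only the last path component (accept both \ and / separators).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when it resolves a file name,
    # so "bill.xls.js. " is still opened as "bill.xls.js".
    name = name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return ("no-extension", "", name)
    ext = ext.upper()
    if ext not in EXECUTABLE_EXTENSIONS:
        # Not proof of safety: the list above is incomplete.
        return ("not-listed", ext, stem)
    # With "hide extensions" on, Explorer shows only the stem. If the stem
    # itself contains a dot, it looks like a document name (invoice.doc).
    verdict = "disguised-executable" if "." in stem else "executable"
    return (verdict, ext, stem)


def flag_attachments(filenames):
    """Return the names whose real extension is on the executable list."""
    return [f for f in filenames
            if check_attachment(f)[0].endswith("executable")]


# Constructed sample names, for illustration only.
SAMPLE_NAMES = [
    "invoice.doc.exe",
    "statement.pdf",
    "setup.MSI",
    "C:\\Users\\a\\Downloads\\bill.xls.js. ",
    "README",
]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        print(repr(sample), check_attachment(sample))
```

A "not-listed" verdict only means the extension is absent from the list above; it does not show that the file is safe to open.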
To list a few precautions:
1. Never open unexpected attachments and if not sure, please contact the apparent sender to ask whether this is real.
2. Windows users: Uncheck the “hide extensions” option for your Explorer. Please refer to the Microsoft support site for the procedure pertinent to your OS version. Google keywords are “microsoft.com: Windows explorer disable hide extensions”.
3. Never open an attachment by double clicking it. Always save it to a directory and try to examine the contents.
4. Use Mozilla Firefox or Chrome to browse the web and make sure that either one of these is your default browser.
5. Use Mozilla Thunderbird as your e-mail client software.
6. If you are using a cloud storage service, do not install the software that enables you to access this remote storage as if it were a local disk drive. Use the service’s web interface to send and retrieve files to and from the cloud.
This ransomware has once again proved the importance of backing up data files.
We want to remind our users to make frequent backups of their important files.
A few suggestions:
1. Use USB memory sticks or external USB disks (or the like) to copy your important files.
2. Never overwrite existing backup files/directories while making backup copies onto an external device.
3. Every time you want to make a backup, create a new directory named with the date of the backup (e.g. 2015-03-23) and copy the files into that directory. If space is needed on the external device, remove the oldest directory and then start the new backup. An easier technique is to use two media for making backups, label them “Odd days” and “Even days”, and use the one which matches the calendar day.
4. NEVER LEAVE THE EXTERNAL STORAGE DEVICE (USB MEMORY, EXTERNAL DISK) CONNECTED TO YOUR COMPUTER. When the backup process is complete, unmount the device (safe removal) and disconnect the device from the USB interface.
5. If you are an MS-Windows user, make sure that the actual files are copied onto the external device rather than their shortcuts. The most reliable way to confirm this is checking the size of the copied files and trying to open a few of the backed up files on a different computer.
6. You can use cloud storage services (like DropBox, GoogleDrive, etc.) to store your backup files. If you do so, NEVER USE THE CLIENT APPLICATIONS THAT MAKE YOUR CLOUD STORAGE APPEAR AS A DRIVE ON YOUR COMPUTER. USE THE CLOUD STORAGE SERVICE ONLY and ONLY THROUGH THEIR WEB INTERFACE. If you have installed the cloud client software which makes your cloud storage appear as a disk drive of your computer, the ransomware will encrypt your files on the cloud as well. If you are a cloud storage user and have the service’s client software installed, we strongly recommend that you uninstall it NOW.
If you do not have backups of the valuable files stored on your computer, back them up today! Now! Tomorrow could be too late! Please note that backing up to a second hard disk or to a backup directory will NOT secure your files.