I’ve been saying...
For years now I have been telling you to do your backup, keep current on updates and don’t click on links in suspicious emails. Last weekend’s “WannaCry” ransomware attack is a demonstration of just one of the reasons why.
WannaCry is aptly named.
How does this happen?
An email scheme known as “Phishing” or in some cases “Spear Phishing” delivers a message that encourages the recipient to click on the link in the message. From that point on they are doomed. Over ninety percent of ransomware attacks originate from phishing emails. Over thirty percent of the people who receive them actually click the link. With numbers like these, ransomware can be a profitable endeavor for all sorts of nefarious organizations.
Within hours the malware had spread like wildfire to hundreds of thousands of machines in hundreds of countries. We will probably never really know how many machines were affected, how many people were harmed or put at risk or what the total cost of this will be.
The attack spread quickly because the encrypting malware was coupled with a worm that helped it spread throughout the network once one machine was infected. Once the ransomware has infected a machine, the files available on that machine are encrypted, making them useless.
To decrypt the files you need the key specific to the encryption. The only place to get the key is from the people who created the ransomware and they demand payment first. You can take a chance and send them the money but these people are not the most trustworthy souls. Historically that seldom works. They just take your money and are never heard from again. You end up with both lost files and lost money.
What can you do to protect yourself?
Number One:
Do your updates! The vulnerability that allowed the WannaCry script to run was patched by Microsoft back in March of this year. With most modern operating systems the manufacturer automatically updates security patches for you, unless you have turned off automatic updates.
Number Two:
Do your backups. If you are compromised by a ransomware attack, or other malware, or a hardware failure, or a failed update, or an act of nature, or even just plain old human error, you still lose your files. If you did your backup you can recover the files and keep on going.
Large companies often have whole teams of backup operators who spend all day backing up files. Entire networks are “mirrored” at another location just in case something happens and the whole building is lost. Data is king in the digital age. Many smaller companies have gone out of business because of lost data.
Many people consider backups a waste of time. If you are lucky you will never need them. But when you realize that you do need a backup it’s too late. So in the words of a famous Hollywood movie, “Do you feel lucky?”
Number Three:
Once you realize the data is gone the crying begins.
Don’t click on that link! Learn to spot phishing emails. Here are some tips to help you spot subversive emails:
The message contains a mismatched URL. One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
URLs contain a misleading domain name. People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. Domain names read from right to left. For example, consider the domain name news.kdubrovin.com. news would be a child domain of kdubrovin.com because kdubrovin.com appears at the end of the full domain name (on the right-hand side). Conversely, kdubrovin.com.maliciousdomain.com would clearly not have originated from kdubrovin.com because the reference to kdubrovin.com is on the left side of the domain name.
This trick has been used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.
The message contains poor spelling and grammar. Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. If a message is filled with grammatical errors or spelling mistakes, it probably didn't come from a major corporation's legal department.
The message asks for personal information. No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
The offer seems too good to be true. There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
You didn't initiate the action. I received an email message informing me I had won the lottery!!!! The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.
You're asked to send money to cover expenses. One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it's a scam.
The message makes unrealistic threats. Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam.
For example, you may receive an official-looking letter that is allegedly from US Bank. Everything in the letter seems completely legit except for one thing. The letter says that your account has been compromised and that if you do not submit a form (which asks for your account number) along with two picture IDs, your account will be canceled and your assets seized.
I'm not a lawyer, but I'm pretty sure that it's illegal for a bank to close your account and seize your assets simply because you didn't respond to an email message. Especially if you do not have a checking or savings account with the bank.
The message appears to be from a government agency. Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
I can't tell you how government agencies work outside the United States. But here in the US, government agencies don't normally use email as an initial point of contact. That isn't to say that law enforcement and other government agencies don't use email. However, law enforcement agencies follow certain protocols. They don't engage in email-based extortion—at least, not in my experience. They just show up at your front door with six black Suburbans full of agents when you least expect them.
Something just doesn't look right. In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn't look right, as they call it. The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.
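The first two tips above, the mismatched URL and the misleading domain name, can be checked automatically over the HTML body of a message. This is an added example, not part of the original article; the function names, the trusted-domain list and the two-label shortcut for finding the owning domain are assumptions of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url_text):
    url_text = url_text.strip()
    if "://" not in url_text:          # bare "host/path" text, as links are often displayed
        url_text = "http://" + url_text
    return (urlsplit(url_text).hostname or "").lower()

def registrable(host):
    # Assumption: the owning domain is the last two labels (true for .com);
    # production code should consult the Public Suffix List instead.
    return ".".join(host.rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):       # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted_domains):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, reasons = host_of(href), []
        # Mismatched URL: the visible text is itself a URL for a different domain.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and registrable(shown) != registrable(real):
            reasons.append("mismatched URL")
        # Misleading domain: a trusted name appears only as a child label on the left.
        if any(registrable(real) != t and t.split(".")[0] in real.split(".")[:-2]
               for t in trusted_domains):
            reasons.append("misleading domain")
        findings.append((real, reasons))
    return findings

TRUSTED = ("kdubrovin.com", "microsoft.com")  # constructed sample; hosts from the text above
SAMPLE_HTML = ('<a href="http://news.kdubrovin.com/story">news.kdubrovin.com/story</a>'
               '<a href="http://kdubrovin.com.maliciousdomain.com/login">http://kdubrovin.com/login</a>'
               '<a href="http://Microsoft.maliciousdomainname.com/update">Security update</a>')
```

Calling `check_links(SAMPLE_HTML, TRUSTED)` leaves the genuine child domain unflagged and flags the other two links by reading each host name from the right, as the tip describes.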
And remember, always back it up!