Ransomware in emails
US-Cert is a wealth of great information for email and cyber security. Several people I know have had occurances with ransomware and it is very crippling. The information below is from a recent article by US-Cert. I strongly recommend all of this blog's readers to use this information and other guidelines set forth by this agency.
+++++++++++++++++++++++++++++++++++++++
Alert (TA13-309A)
CryptoLocker Ransomware InfectionsOriginal release date: November 05, 2013 | Last revised: November 18, 2013
Microsoft Windows systems running Windows 8, Windows 7, Vista, and XP operating systems
Overview
US-CERT is aware of a malware campaign
that surfaced in 2013 and is associated with an increasing number of ransomware
infections. CryptoLocker is a new variant of ransomware that restricts access
to infected computers and demands the victim provide a payment to the attackers
in order to decrypt and recover their files. As of this time, the primary means
of infection appears to be phishing emails containing malicious attachments.
DescriptionCryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.
Impact
The malware has the ability to find and
encrypt files located within shared network drives, USB drives, external hard
drives, network file shares and even some cloud storage drives. If one
computer on a network becomes infected, mapped network drives could also become
infected. CryptoLocker then connects to the attackers’ command and control (C2)
server to deposit the asymmetric private encryption key out of the victim’s
reach.
Victim files are encrypted using
asymmetric encryption. Asymmetric encryption uses two different keys for
encrypting and decrypting messages. Asymmetric encryption is a more secure form
of encryption as only one party is aware of the private key, while both sides
know the public key.
While victims are told they have three days to pay the
attacker through a third-party payment method (MoneyPak, Bitcoin), some victims
have claimed online that they paid the attackers and did not receive the
promised decryption key. US-CERT and DHS encourage users and
administrators experiencing a ransomware infection to report the incident to
the FBI at the Internet Crime Complaint Center (IC3).
Solution
Prevention
US-CERT recommends users and
administrators take the following preventative measures to protect their
computer networks from a CryptoLocker infection:
Conduct routine backups of important files, keeping the
backups stored offline.
Maintain up-to-date anti-virus software.
Keep your operating system and software up-to-date with
the latest patches.
Do not follow unsolicited web links in email. Refer to
the Security Tip Avoiding Social
Engineering and Phishing Attacks for more information on social
engineering attacks.
Use caution when opening email attachments. For more
information on safely handling email attachments read Recognizing and Avoiding
Email Scams (pdf), and Refer to the Security Tip Using Caution with Email Attachments.
==============================
Great news!
My book is now atop the Amazon Netiquette list. Please go to Amazon and search for "netiquette" . There is a wonderful review from Kirkus as well.
About Netiquette IQ
My book, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email" and the Kindle version are now available on Amazon. Please visit my author profile at
amazon.com/author/paulbabicki
#PaulBabicki
#netiquette
#emailsecurity
If you are interested in email or email security software, please visit:
www.tabularosa.net for many "best of breed products".
posted by paul babicki @ 11:12 PM
0 Comments
