CRYPTO-RANSOMWARE: As Dangerous as Ever

6 years ago | by Chris O'Brien

From its infamous beginning of leveraging the identities of major organisations like Australia Post, AGL and even the Australian Federal Police, Crypto-Ransomware continues to be a leading cybercriminal.


Here’s how the attack usually works:

  1. The attacker sends an email into the client’s network. This email shows up in the users’ inbox appearing almost identical to the company they are impersonating.
  2. The email contains content which is strategically made to generate a sense of urgency to the user, so they click on the link below the content to investigate it – in the recent AGL scam, a large bill is displayed.
  3. When the link is clicked, the user is taken out to a website that is also mimicking the site of the company being impersonated – in the case of AGL, the cybercriminals were attempting to look even more legitimate, by going as far as asking for a security code to make sure you’re not a robot – ironic, huh.
  4. In this external website, they will prompt you to download something – in the AGL scam, they displayed a zip file to download ‘with your bill in it.’ Once you download and open this file, the infection is executed directly from the internet, and BANG, all of your data is now being held at ransom!
Click to enlarge

Click to enlarge

 

What you can do to protect yourself:

  • First and foremost, if you see any email that comes through to your inbox that you weren’t expecting, or that doesn’t look quite genuine, call that company to verify its legitimacy instead of downloading anything or clicking on external links.
  • Secondly (and most importantly), have a solid form of anti-virus security in place. In conjunction with this, ensure you have a current and fully functioning backup system; this will act as your tech insurance – we can help you with all of this 😉
  • Lastly, if all else fails and your systems end up infected with a virus, call us straight away so we can safely help you get your data back.

Unfortunately, attacks like this have been around for years, and we certainly haven’t seen the last of them. While anti-virus applications are equipped to block these kinds of attacks, there are ways the cybercriminals try and slip through the cracks.

Generally speaking, these attacks infect users on ‘zero day’ (meaning the day the virus is created). This way, the attackers can be sure that antivirus software won’t yet recognise the virus, and it is therefore occasionally let through. Once they have been notified of the infections caused by this source, the antivirus vendors effectively block this infection, however, the devious cybercriminals continue to slightly mutate the look or coding within the virus, in an attempt to ensure that the new one is no longer recognised by security mechanisms, and unfortunately, it is likely to infect even more users.

Once infected, the users’ data is encrypted and held at ransom until they pay the demanded sum of bitcoin (a digital currency).

Luckily, Managed Services Providers like ourselves, provide the public with security measures that have not yet seen this ransom be paid; our Multi-Layer Security Solution enables our clients to have full peace of mind with their data safety.

Want more info on Cyber Security?

Or to learn how to better protect your business?

Get in touch with our team! Call us on 1300 661 859 or email us below.