2016 Network Security Report: 93% of Phishing Emails Are Ransomware


You get an email. You carelessly open the attachment. You see a notice on your computer, politely phrased in spite of its hostile intent, telling you that your files are now encrypted, but you can get them back if you send a payment in Bitcoin to a specified wallet. Your network security has been breached. 

This is called ransomware. It is the fastest-growing trend in malware and one of the biggest current IT network security concerns, and it goes beyond Los Angeles and Burbank. Anti-phishing vendor PhishMe reports that in March, 93 percent of phishing emails tried to deliver ransomware, compared to less than 10 percent in 2015. Ransomware also accounts for half the new variants of phishing email.

The size of the jump may be surprising, but the trend shouldn’t be. Ransomware offers a direct financial return to criminals, without having to peddle credit card numbers or other personal information. The Bitcoin cryptocurrency provides them with an anonymous way to collect payment over the Internet.

No One is Immune to Ransomware Vulnerability

Ransomware has caught attention with some high-profile cases, including several hospitals that suffered major computing outages from attacks. One hospital, its ability to treat patients hampered for a week, handed over $17,000 to get its files back. Even the US House of Representatives has been a target, though it isn’t clear whether Congress has given in to any demands for money. The House network temporarily blocked Yahoo Mail in response.

The US government urges people not to pay cyberextortionists, since payment provides them with encouragement and resources, but an unfortunate side effect may be that people who are hit and pay up don’t want to report the crime.

The attacks usually encrypt data files on the victim’s computer. Sometimes they encrypt all the data, which actually works against the attacker, since it’s inherently more complicated to decrypt a completely locked-up computer than a working one with locked-up data files. The attackers often provide high-quality documentation on how to pay up and then restore the encrypted files.

Some versions up the ante by deleting files over time after encrypting them. The usual pattern is to delete a few files initially, then more as time passes, in order to provoke fear and force quick payment. In this case, paying the extortionist only stops more files from being deleted; it doesn’t get back the ones that have already been wiped.

Most of the attacks so far have been on Windows and Android systems, but some have targeted Linux and Mac OS X, and experts have speculated about future attacks on the Internet of Things.

Keeping a current backup is a strong defense. Many forms of the malware will also encrypt files on attached drives, so a remote or offline backup is best. You’ll need to restore the whole system to the pre-attack state.

Other defenses are common to all types of spam and malware. Use a spam filter, so that most hostile email messages won’t reach your inbox. Don’t open attachments if you aren’t sure they’re legitimate. A sender address that you recognize isn’t proof that they are; sophisticated spammers steal address books and forge people’s addresses to make their messages look legitimate. Never open an executable attachment unless you were specifically expecting one.
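A mail gateway can apply the last two pieces of advice automatically. The sketch below is an added example, not code from the original article: it flags a message whose From domain failed DMARC (a recognized sender address that may be forged) and any attachment whose final extension is executable. The extension list, the sample messages and all domains are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive list of extensions treated as executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf",
                   ".bat", ".cmd", ".hta", ".jar", ".ps1"}

def triage(raw_bytes):
    """Return reasons to quarantine a message; an empty list means none found."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Authentication-Results (RFC 8601) is trusted only when stamped by your own
    # gateway; this sketch assumes copies from outside were already stripped.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "dmarc=fail" in auth:
        reasons.append("From domain failed DMARC (address may be forged)")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the last suffix decides how the file runs: "invoice.pdf.exe" is an .exe.
        suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
        if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            kind = "multi-extension executable" if len(suffixes) > 1 else "executable"
            reasons.append(f"{kind} attachment: {name}")
    return reasons

def build_message(filename, auth_results):
    """Build a constructed sample message (all names and domains are made up)."""
    m = EmailMessage()
    m["From"] = "Accounts <billing@partner.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "Invoice"
    m["Authentication-Results"] = auth_results
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    forged = build_message("invoice.pdf.exe",
                           "mx.corp.example; dmarc=fail header.from=partner.example")
    clean = build_message("invoice.pdf",
                          "mx.corp.example; dmarc=pass header.from=partner.example")
    for label, raw in (("forged", forged), ("clean", clean)):
        print(label, triage(raw))
```

A clean result here only means neither rule fired; it is a filter in front of the user, not a verdict that the attachment is safe.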

Use Quality Security Software and Keep it Up to Date

Security researchers have found ways to recover files encrypted by some ransomware, without having to get a key from the attacker. If your files get locked up, check for known fixes.

Law enforcement officials go after the people behind the attacks and the servers they use, and sometimes they have significant successes, but new attacks keep popping up, and sometimes the perpetrators are in remote locations where it’s difficult to catch them.

All users and IT services providers need to be vigilant against ransomware. To help businesses understand the key steps to take to keep their networks secure, we put together the Business Owner’s Guide to Data Protection and Security. This will give you the top 10 steps to take as well as a bonus disaster recovery checklist. Click below to get your complimentary guide today.

Garrett Chipman

Garett is an IT executive and entrepreneur with 20+ years of experience providing and designing business technology solutions. Coming from the technical and CTO/management side of such companies as GRB Entertainment and AMG (Artist Management Group), he has implemented some of the industry’s most effective solutions to help produce efficient results. He engaged with hundreds of vendors during his time as CTO and thought: why not pass this methodology down to small and medium-sized businesses? Why not provide enterprise solutions for the SMB market at a fraction of the budget of hiring full-time staff? His entrepreneurial side kicked in at that point, and this is why he started TVG Consulting. Anybody can put equipment in, but what matters is the way one uses technology: making sure it is a productive solution and that it makes sense. Garett manages overall company decisions and operations for TVG and acts as TVG’s chief client design architect. Garett also acts as their clients’ strategic Virtual CIO, which they include in their services. Garett and his wife Clare live in Southern California with their 2 kids and are very active in their local non-profits and community-driven causes.
