How to Recognize Ransomware
The first step in protecting yourself is to recognize what ransomware looks like. It will typically appear as an attachment in email but may come from other sources as well. Many times we see this attachment arrive as a “shipping receipt”, “unpaid invoice”, “statement of account”, etc. The criminals are using every ploy imaginable to get an unsuspecting person to open the attachment and unleash the virus.
The emails will many times look legitimate. They may even be from someone you know or did business with. Spoofing or faking a sender address is pretty easy so it is a common practice. There are usually tell-tale signs though. Consult with your IT support provider about any emails you feel are suspect. Taking a chance on opening them could be an expensive mistake.
We advise putting in place a company policy that blocks the most common email attachments criminals like to use. An example would be zip, exe, scr and vbs extensions. If your email system blocks these then that is less temptation for the new hire to click on something they thought was legit. This is just a partial list and will undoubtedly change over time as the criminals get craftier.
Educating your staff on what to look for is the best protection of all. For example:
- the IRS doesn’t send emails
- a shipping receipt from FedEx rarely appears out of nowhere
- an unpaid invoice attachment from a company you’ve never worked
- with before should be suspect
An aware employee will be your best defense against ransomware threats. This is especially true right now because as of early 2016 ransomware is undetectable by many anti-virus programs. The viruses are so well written (and constantly changing) that they tend to stay ahead of the anti-virus software’s ability to detect them. Vast technical resources are almost certainly being used to keep these threats as effective as possible.