Nowadays both at home and at work, everyone is pretty much joined at the hip with an email account. Marketers, junk mailers, and spammers clog our in boxes to where, according to one USA Today article, people can spend nearly 30 percent of each work week just managing and triaging their email.
With so much of it flying around, email continues to be a convenient vector for crooks to transmit Trojans and other insidious malware targeting our personal and company’s data. Just when we thought that experts like Norton and McAfee were holding the line against those attacks, up pops a particularly nasty variety known called ransomware.
Clicking on an email attachment isn’t the only way you can unknowingly download ransomware. Following a link to a hacked web site will also do the dirty trick. In any case, once the ransomware enters your system, you must remove it to regain access to your computer or smartphone. Or you can pay what the culprits’ demand, with no guarantee they will send you the decryption key.
Weird emails are showing up
According to a piece by Brett M. Christensen at Hoax Slayer.com, emails with no body text and subject lines that have a group of letters, numbers and a .jpg file extension have hit some in boxes. At the bottom of the aforementioned email is an attachment, which has the same labeling as the subject line.
If you click on the attachment, you will open a JavaScript (.js) file, which does the rest: The rest is called Locky ransomware, which scrambles all your computer files. The JavaScript connects our computer to a remote server, which downloads and installs the Locky ransomware. Once it’s there, you get a heart-stopping popup window demanding payment, typically in Bitcoin.
Note: Data files will not carry a virus, since the virus must have executable code. File extensions .txt, .csv, .gif. jpg, .mp3, and .wav, do not have executable code. If you receive a Microsoft Word document with a .doc extension, and you are asked to enable Word macros, don’t do it. It’s a ruse to get the document to load the ransomware.
An ounce of prevention avoids a ton of headaches
Once your system is locked, you cannot access it. There is no quick way to cleanse your system from ransomware, but you can protect your system in a number of ways:
1. Keep an entire system backup either off-site or on a device disconnected from your computer when you are not actually backing up. Ransomware looks for all connected drives and encrypts everything. You can use your full, uninfected backup for a complete system restore, but you will lose any data you entered from the time of the last backup.
2. Invest in anti-virus/malware software products, which keep up with the threat and protect your system. According to one recentTechTarget piece, ransomware creators are constantly on the alert to circumvent detection. how to
3. Watch what you open, and never click on suspicious URLs or file attachments. If you set your file viewing system to show all file extensions, the innocent looking image file (.jpg, etc.) will have an additional extension like .zip or .rar.
More emails to watch out for
Finally, be on the lookout for emails in the following categories, which have been known to carry Locky ransomware:
- “Payment Declined” — A bogus sales manager asks you to click on and double check an “invoice,” which is an attached booby-trapped file.
- “Payment Accepted” — A fake financial manager asks you to check a “payment confirmation” by opening a file. You know the rest.
- “Order Status” — You receive a thank-you for your recent order and an invitation to review the details by opening an attached .zip file that explodes in your face.
- “Received Documents From Your Bank” — Who wouldn’t be tempted to open an attachment like this? Well, don’t do it. Call your bank instead.
