
Ransomware - threat to PCs, MACs, and Linux

Common Sense Prevention

  1. DCiAdmin
    Yes, it’s another post to raise your awareness of the threat posed by ransomware. Knowbe4.com reports that Forbes alleges that as many as 90,000 computers are infected with Locky ransomware daily. Unlock fees charged by the hackers average $420 per infected installation. Knowbe4.com further states that in the last few days, a botnet has sent as many as 4 million phishing emails with a zip attachment containing JavaScript that installs the Locky ransomware.

    Everyone has the potential to be a victim of this type of threat, as evidenced by the Hollywood hospital that recently paid out $17,000 to regain access to its files. Antivirus may not protect you, because the ransomware binary is often unique and so is not recognized as known malware. In this case, a bit of knowledge regarding phishing emails will greatly reduce your risk of becoming a victim.

    Perhaps the easiest way to prevent malware from entering your system is to be an alert email consumer. Follow the common sense suggestions in this screenshot:
    [Screenshot: SocialEngineeringRedFlags.JPG]

    There are several ways to distribute ransomware, or almost any malware, but the common methods are email attachments (.zip, .docx, .doc, etc.) containing malicious macros, and emailed links to web sites that are redirected or malformed but similar in name to valid URLs.

    I'm sure you have received emails containing a subject similar to ATTN: Invoice J-98223146 and a message such as "Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice". Once the Word document is opened, the text would appear scrambled with an instruction to enable macros. A screenshot of how that might look follows:
    [Screenshot: Malware.jpg]

    Once enabled, the macros will download an executable file from a remote server, store it in the %Temp% folder and then execute it. This executable is the ransomware. Once started, it will begin to encrypt the files on your computer and network shares.

    Be smart. Protect yourself. Use common sense when opening web sites or emails. If things don't look right, they probably aren't.

    If you have questions about this guide or others, please create a FREE account and create a post with your questions.

    Credit to Knowbe4.com for screenshots.
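
A mail administrator can automate part of the attachment check described above. The following is an added example, not part of the original guide: it flags script files inside zip attachments and Word files that carry macros. The names `triage`, `make_zip` and `SAMPLES`, the extension list and the size cap are assumptions made for illustration.

```python
import io
import zipfile

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")  # run by Windows on double-click
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")          # legacy .doc/.xls file header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")        # heuristic marker: VBA stream name
MAX_MEMBER = 20 * 1024 * 1024                          # assumed cap: skip oversized members


def triage(name, data, depth=0):
    """Return reasons to treat an attachment with caution (empty list: none found)."""
    found = []
    if name.lower().endswith(SCRIPT_EXTS):
        found.append(f"script file: {name}")
    if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
        found.append(f"macros in legacy Office file: {name}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return found
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member, low = f"{name}/{info.filename}", info.filename.lower()
            if low.endswith("vbaproject.bin"):
                found.append(f"macros in Office file: {name}")
            elif info.flag_bits & 0x1:
                found.append(f"encrypted member, cannot inspect: {member}")
            elif low.endswith(SCRIPT_EXTS):
                found.append(f"script file: {member}")
            elif low.endswith((".zip", ".doc", ".docx", ".docm")) and depth < 2 \
                    and info.file_size <= MAX_MEMBER:
                found += triage(member, zf.read(info), depth + 1)
    return found


def make_zip(members):  # build an in-memory zip from {filename: bytes}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, named after the lures described above.
docm = make_zip({"word/document.xml": b"<w:document/>", "word/vbaProject.bin": b"\x00"})
SAMPLES = {
    "invoice_J-98223146.zip": make_zip({"invoice.js": b"// placeholder"}),
    "invoice.docm": docm,
    "scan.zip": make_zip({"invoice.docm": docm}),
    "notes.docx": make_zip({"word/document.xml": b"<w:document/>"}),
}
```

Calling `triage(filename, raw_bytes)` on each sample flags the first three and returns an empty list for `notes.docx`. An empty list means only that these particular checks found nothing; the legacy `.doc` test is a byte search, not a full parse.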
