These are NOT your friends! (or your bills)
We've noticed an increase in a specific type of spam worth mentioning, in the hopes of preventing a few headaches for our clients and friends. We're all familiar with spam, but trust us... they are well-aware that you've been schooled to avoid rogue messages and random email attachments.
The next generation of spam is a close, personal experience. This is NOT as pleasant as it sounds. It begins innocently enough... an email from your boss, employee, bank, utility company... the list goes on. A quick message from an actual acquaintance that you recognize, or perhaps a PDF attachment emailed from your company's Xerox machine. But wait... the copier isn't even a Xerox... and you just double-clicked the attachment. SH**.... The issue here is the relative ease of faking the "from" address of an email. This can be done as easily as hand-writing an envelope and putting "The North Pole" in the top left corner.
Fortunately, most email providers can recognize the attempted forgery and divert this to your spam folder. On occasion, something may slip through, or maybe you were clearing out the spam folder and noticed an important invoice that "somehow" ended up in there.
Whatever the case, when receiving an "invoice" or any file attachment, especially an unexpected one (no matter the "from" address), approach with caution. Verify with the sender, possibly even verbally, to confirm the legitimacy of the message.
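The "from" address is just text the sender types, so what a receiving mail server really checks is whether the sending server was allowed to use that domain (the SPF, DKIM and DMARC results it records in the Authentication-Results header). The following is an added example, not code from the original post, that reads those results from a constructed message and flags a forged "copier" email; it assumes a simplified Authentication-Results format.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture): the From: claims the company's own
# domain, but the relay that actually sent it failed the SPF and DMARC checks.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Xerox WorkCentre" <copier@example.com>
To: accounting@example.com
Subject: Scanned document from Xerox WorkCentre
Content-Type: text/plain

See attached scan.
"""

def sender_domain(addr: str) -> str:
    """Lowercase domain part of an address like: Name <user@host>."""
    _, address = parseaddr(str(addr))
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def auth_results(msg) -> dict:
    """Collect method=result pairs (spf=pass, dkim=fail, ...) from every
    Authentication-Results header. Simplified parser: it keeps the first
    token of each ';'-separated clause and skips the authserv-id."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in str(header).split(";")[1:]:
            tokens = clause.strip().split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                results[method.lower()] = result.lower()
    return results

def assess_message(raw: str) -> dict:
    """Return a verdict: suspicious when the From domain and the bounce
    (Return-Path) domain disagree, or any of spf/dkim/dmarc is not 'pass'."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = sender_domain(msg["From"] or "")
    path_dom = sender_domain(msg.get("Return-Path", ""))
    auth = auth_results(msg)
    reasons = []
    if from_dom and path_dom and from_dom != path_dom:
        reasons.append(f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            reasons.append(f"{method} did not pass ({auth.get(method, 'missing')})")
    return {"from_domain": from_dom, "suspicious": bool(reasons), "reasons": reasons}
```

A message whose From domain matches the Return-Path domain and carries spf/dkim/dmarc=pass comes back with an empty reason list, which is the only case where the "from" address has actually been vouched for by the receiving server.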
Back to that PDF from the "Xerox" machine that your company doesn't even have... once infected, the trend of close-and-personal continues. Viruses and malware come in many forms, but lately, a large percentage have been the "crypto" form. You may have heard of these in the news. Specifically, and most recently, when the entire IT infrastructure at the Los Angeles Presbyterian Hospital was held hostage for ransom.
Ransomware is a type of malware that, once installed, quickly scans your hard drive or network for any document of personal value. Think about your pictures, office documents, PDFs, or any file that would most likely contain something a user put time and effort into. The rogue parties here are targeting the real value of your computer, and hoping to extort a sum of money to release that data back to you.
Prevention of this type of malware requires covering multiple bases. Antivirus alone cannot always stop this type of malware, nor can good surfing habits. One of the more recent attack avenues has been the compromise of an advertising agency that supplied ads to MSN, BBC, CNN, Realtor.com, and others. For a short period of time, browsing to these sites became a game of roulette as the advertisements loaded on the user's screen. Some ads did contain ransomware similar to CryptoLocker. Quite a few were infected.
Because these viruses don't actually "infect" a system the way we were accustomed to in the past (scripts that replace system files and root themselves deep into Windows), it becomes more difficult for antivirus to actually catch them. A cat-and-mouse game of sorts. These programs function much like any other legitimate Windows program, performing a simple task, though with undesired results. Some of these "simple" crypto programs actually delete themselves in the process, leaving only your locked files and a set of instructions for paying the ransom.
Information is one of the best forms of prevention. Our goal is to keep our clients and friends informed, to help keep them safe. Of course it goes without saying... backups, backups, backups. Along with that phrase that we as IT people drone on about regularly, we'll add: updates, updates, updates! Up-to-date systems are less prone to the security holes that allow this software to run in the first place. Still, though... proper backups can bring the damage inflicted by these crypto-style ransomware viruses to near-zero.
If you have any questions or concerns, feel free to give us a call at 302-645-4549. We're happy to review your backup policy and assist with any changes required to take the risk as close to zero as possible. For now though, don't trust that "from" address when receiving an attachment. Take a good second look.