I haven’t been feeling well lately. The change in weather has melted all of the snow, releasing pent up allergens. It seems that the older I get, the worse my allergies get. Today, it’s been unmanageable and really distracting, and I can’t focus on any one thought.
So what I have for you today is a warning about two recent types of malware that I have come into contact with recently.
One of them is ransomware.
The common mode of transmission for ransomware so far is through email attachments disguised to look like something important, an extraneous charge on your credit card, an invoice or something of that nature. The ones I have heard about come in a Microsoft Word document formatted attachment that has macros in it.
When the attachment is opened, two things happen. The first is that the document appears as unformatted, randomly generated letters, and the user is prompted to enable macros in Word in order to read it.
Once the user clicks to enable macros, the malware delivers a payload in the form of a cryptographic executable that encrypts files. Some of these specifically target Bitcoin wallets. But they also go for anything in your documents folder, your email client’s data store, cloud drives, etc.… Basically, any common storage area that could have document or other files that are important to the user.
After the payload is delivered, when the user opens a browser window, they are presented with a webpage that demands bitcoins in exchange for the key to decrypt the files.
If this happens to you, there is basically no way to get your files back unless you want to pay the ransom for the key.
The best way to prevent data loss is to:
- Never open email attachments from someone you do not know and those in emails you didn’t expect to receive.
- Never open email attachments from someone you do know that look suspicious… attached to an email written in broken English with no or very short explanations about what the attachment is. If you feel the need to open such an attachment, save it to disk first and scan it explicitly prior to opening it, and NEVER enable macros in Word unless you are absolutely sure of the document’s integrity. Did I say NEVER enable Word macros? We’re talking about a requirement for three forms of ID before I’d ever do it. Word macros do nothing so cool as to be worth the risk.
The second one is a cleaver scam that originated in malware popups disguised as ads and has graduated to website hijacking. You try to go to a website and are presented with a scary looking SYSTEM ERROR page that looks like the old style BSOD screens only with a white background. Then a window pops up in the webpage informing you that system corruption will occur if you close your browser. You are given a phone number to call for Windows tech support for repair, for which you will be asked for your credit card number and be billed for $300-$400 for PHONY tech support.
If you happen upon this scam, DO NOT call the phone number. The website you tried to go to has been hijacked. Close your browser window immediately and do a malware scan to be sure that you don’t have the malware version of this scam.