In 2016, ransomware became the number one digital threat in the world. It was so widespread the FBI estimates victims paid $1 billion in ransom last year alone.
Cybercriminals aren't backing down this year either, the number of ransomware attacks has been out of control lately. Now, a new form making the rounds is sneakier than ever.
Sneaky ransomware variant and how to remove it
We're talking about an easy-to-use, customizable form of ransomware known as Philadelphia. This lets a beginner cybercriminal, someone who isn't very tech savvy, carry out a ransomware attack.
What makes this ransomware variant sneakier than others is how easy it is to customize the attack. Scammers are able to buy the ransomware software on the Dark Web for as little as $400 and then customize the attack themselves. It's mainly being used to target companies and its employees but there have been cases of individuals being targeted as well.
For example, the scammer who purchases Philadelphia ransomware would just need to do a little research about a company for a successful attack. The fraudster would look up high ranking company officials i.e. the CEO or owner and send phishing emails to the company's employees pretending to be from them. Since the message looks like an official company email, the employee would unsuspectingly click on its links and bam, their gadget is infected with ransomware.
One recent instance discovered by researchers at Proofpoint detailed an attack targeting health care institutions throughout one city. The scammer sent phishing emails that appeared to be from someone who worked for the targeted company with the subject line Patient Referral. The email contained links that were supposedly the patients' charts, but they were actually malicious links that if clicked on infected the users' computer with Philadelphia ransomware.
Image: Example of phishing email leading to Philadelphia ransomware. (Source: Proofpoint)
Not only are the phishing emails customized by the cybercriminals but so are many of the ransom notes. The fraudster mentions the targeted company by name in the ransom note and adjusts the ransom payout dependent upon the victim. The higher up the company ladder the victim is, the higher the ransom demand.
There is good news though in the fight against Philadelphia ransomware. A decrypter tool from Emsisoft is available for free, so if your gadget gets infected you can remove it.
How to protect yourself from ransomware attacks
The U.S. government has taken notice of the growing number of ransomware attacks. In an effort to help people fight these attacks, the FBI has given these suggestions:
- Back up data regularly - this could be the best way to recover your critical data if you are infected.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails, it could be a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails. Can you spot one? Take our phishing IQ test to find out.
- Download only trusted software - make sure the software you download comes from trusted sites. If you are going to download an app, make sure it's from Google's Play Store or Apple's App Store. Third-party app stores don't have as many security procedures in place as the official app stores so it's more likely that you'll find malicious apps there.
- Have strong security software - This will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.