If you follow us here at Komando.com, you probably know that ransomware is the number one digital threat in the world. The FBI estimates that nearly $1 billion was paid by victims of these attacks in 2016 alone.
Now, millions of more computers are at risk of being infected with a new ransomware strain. The threat is being spread in a super clever way that is easy to fall victim to.
That's why you need to know what to look for. Don't forget to share this article with family and friends so they can also stay protected.
It starts with a phishing email
The latest ransomware attack, dubbed Scarab, is being distributed by the Necurs botnet through phishing emails. Scarab first appeared earlier this summer but was recently updated to block users from using third-party recovery tools.
This attack is spreading extremely fast. Within the first six hours of being launched, over 12.5 million malicious emails were sent to unsuspecting victims.
The phishing emails supposedly contain a scanned document that the recipient will want to look at. The "document" is actually a 7zip attachment that contains a VBScript downloader. If the attachment is clicked, it will infect your gadget with ransomware.
Here is an example of what the phishing email looks like:
Image: Example of phishing email spreading Scarab ransomware. (Source: Forcepoint)
People from all over the world started receiving these malicious emails on November 23, 2017. The email subject line says the document was scanned from trusted printer companies like:
- Scanned from Lexmark
- Scanned from Epson
- Scanned from HP
- Scanned from Canon
Once your gadget is infected, a ransom note appears. It begins with, "If you want to get all your files back, please read this."
The note goes on to demand payment. In a strange twist, the scammers don't have a set ransom. Instead, the note says, "the price depends on how fast you write to us."
Image: Example of Scarab ransom note. (Source: Forcepoint)
The best way to avoid this ransomware attack is knowing how to spot a phishing email and not clicking the malicious links. Keep reading for some helpful security suggestions.
Be cautious with links
The most important thing you can do to avoid falling victim to phishing attacks is to not click on links within unsolicited emails. Cybercriminals constantly come up with clever, fraudulent messages that look like they're from legitimate sources and contain malicious links. Clicking these links can lead to your gadget being infected with ransomware.
That's why you need to be able to recognize a phishing scam. One thing to watch for with phishing attacks are typos, criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
Have strong security software
Make sure you're using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.
Set up two-factor authentication
Two-factor authentication means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
Back up your critical data regularly
Backing up your critical data is an important safety precaution in the fight against ransomware. We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.
Cybercrime is happening all the time, don't become a victim by making these security mistakes
We all do it. You make security mistakes that put your family at risk and probably don't even know it. In this digital age where everything from your garage door to your laptop, tablet, smartphone and light bulb are connected to the internet, you're leaving yourself open to hacks. Criminals around the world can remotely access your home.