So This is What Happens in a Ransomware Attack

September 26, 2016


By Aimee


“My data was held ransom. And I did it on purpose.”

Masood Nasir, a Telus Information Security Consultant, decided it was time to see what a ransomware attack looks like and how damaging those spam emails could be to ordinary folks’ personal lives. After all, if he gets a lot of spam emails on his personal email daily, just as much is being sent to others as well.

So as part of Telus’ Security initiative, he asked himself, “What would happen if I actually clicked?”

To click or not to click, that is the question

One or two wrong clicks could quickly infect users’ personal computers with a virus or Trojan, with less than appealing results – irreversible data loss or expensive data recovery. That’s not even the worst. Without their notice, hackers may take complete control of their computer and may even be watching them through their webcam and recording all of their keystrokes.

While some spam emails are way too obvious to be believed, some will try every social engineering trick in the book to lure users into clicking. These headlines may make you pause and think twice and disrupt your routine of immediate deletion. They’ll say such things as “Order Form,” or “Notice to appear in court for jury duty,” or “We could not deliver your package,” which all appear to be normal circumstances in today’s lives.

The spam email

[Screenshot: the spam email]

This was the email he received. It looks fairly normal. So what gave it away?

There can be three indicators, he says: the email address, the attachment or link, and the double extension.

Email address – Look at this one carefully, as the majority of the time it will be the hacked email address of another victim, or one set up by cyber criminals exclusively for their attack. The one he got was from

Attachment or link – Sometimes cyber criminals have set up a phishing page for the user to visit and include a link to it. Of course, the first line of defense is to not click on it, but because of their social engineering tricks, people may make a mistake and click. In Nasir’s case, the attachment was a zip file containing one file – 000279315.doc.js.

Double extension – Notice that the above file has two extensions, .doc and .js. He says that by default, a Windows computer hides known extensions, so the file may appear as 000279315.doc. Recently, JavaScript has been used for downloading Trojans or malware.
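
A check for the double-extension trick described above, added here as an example and not taken from Telus or the original post: it lists the file names inside a zip attachment without extracting them and flags any whose real, final extension is a script or executable type. The extension lists and function names are assumptions, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Final extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd"}
# Extensions commonly placed in front as a decoy (assumed list).
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def displayed_name(name: str) -> str:
    """Name as shown when Windows hides extensions for known file types."""
    p = PurePosixPath(name)
    return p.stem if p.suffix else p.name


def check_member(name: str):
    """Return a finding for one archive member, or None if it is not executable."""
    p = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.lower() for s in p.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    return {
        "name": p.name,
        "shown_as": displayed_name(p.name),
        "real_type": suffixes[-1],
        "double_extension": len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS,
    }


def scan_zip(data: bytes):
    """Inspect member names of a zip attachment; nothing is extracted or run."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        found = [check_member(i.filename) for i in zf.infolist() if not i.is_dir()]
    return [f for f in found if f]


def build_sample_zip() -> bytes:
    """Constructed sample: the file name from the article, placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("000279315.doc.js", "// placeholder, not real script content\n")
        zf.writestr("readme.txt", "constructed benign file\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

The `shown_as` field is the name a user would see with extensions hidden, which is why the file passes for a Word document.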

The end

Once he clicked on the file, this ransom note appeared on his screen:

[Screenshot: the ransom note]

Now, before you panic for him, he did this experiment on a test virtual machine that just had some existing sample picture files. He checked on these sample photos and they were indeed encrypted and required payment to access.


Imagine if this were your personal computer or laptop, holding a lot of legal files and years of family photos with no offline backup – they would all be gone. Unless, of course, you pay 0.50815 bitcoin (equivalent to 443.68 Canadian dollars) to get your files back.

Of course, there are precautions you can take, and we will tackle those in another post. Meanwhile, here are 9 ways to keep your computer security intact.
