Ransomware attacks are becoming increasingly prevalent. However, if users are educated on how to recognize this malware, infections can be reduced.
Some of you have seen the news over the last couple of days concerning the hospital in California that was the target of a ransomware attack. This was a particularly high-profile case because it was a large institution that acknowledged the hack, and they actually paid the ransom demanded by the hackers: $17,000.00, or 40 bitcoins.
Ransomware is usually delivered to networks via a phishing email. It preys on people’s natural curiosity by using a compelling message in the subject line that prompts the user to open an attachment.
The ransomware TricycleFish has removed from offices in Delray Beach and Boca Raton has, in every case, used double extensions.
What is an extension?
A file extension is the ending of a file name that helps identify the type of file in operating systems such as Microsoft Windows. For example, an Adobe Reader file would look like “example.pdf” and an Excel file would look like “example.xls”.
A double extension is a deliberate attempt to try and trick the end user into thinking the email attachment is safe.
Important: Windows by default will hide extensions for known file types such as .exe. Only the final extension is hidden, so a file named “Report.pdf.exe” is displayed as “Report.pdf” and looks like an ordinary PDF. In order to see the double extension you need to change this setting. Go to Control Panel > Folder Options (File Explorer Options in Windows 10) > View (tab) and uncheck the box next to “Hide extensions for known file types.”
For example, the attacker might attach a document to the email that looks like it’s from a familiar business. It may look something like this: “May 2015 Checking Account.pdf.exe” or “Invoice from FedEx.pdf.zip”.
Most users will see the .pdf extension and disregard the .exe or the .zip extension. This is a problem, as the .exe means that the document is an executable file. Once it’s opened it “executes” its installation and within seconds encrypts all files on the computer where it was opened, as well as any files on drives that are mapped on the infected computer. TricycleFish has seen the contents of entire servers become encrypted.
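The following is an added example, not TricycleFish’s code: it shows how a double-extension attachment name appears in Explorer with extension hiding on, and flags names that pair a document-looking extension with an executable or archive extension. The extension lists are assumptions for illustration; extend them for your own environment.

```python
"""Flag email attachment names that use a deceptive double extension.

Added example (not TricycleFish's code). The extension sets below are
assumptions chosen for illustration, not an exhaustive list.
"""
from __future__ import annotations

# Extensions users recognise as "documents" and tend to trust (assumed list).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}
# Extensions Windows runs when double-clicked (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "msi"}
# Archive extensions Windows opens/unpacks on double-click (assumed list).
ARCHIVE_EXTS = {"zip", "rar", "7z"}
KNOWN_EXTS = DOCUMENT_EXTS | EXECUTABLE_EXTS | ARCHIVE_EXTS


def as_shown_by_explorer(name: str, hide_known_ext: bool = True) -> str:
    """Return the name as Windows Explorer displays it.

    With "Hide extensions for known file types" on (the default) only the
    final extension is hidden, so "Invoice.pdf.exe" is shown as "Invoice.pdf".
    """
    if not hide_known_ext:
        return name
    stem, dot, ext = name.rpartition(".")
    if dot and ext.lower() in KNOWN_EXTS:
        return stem
    return name


def check_attachment(name: str) -> tuple[bool, str]:
    """Return (is_suspicious, reason) for a single attachment filename."""
    parts = name.lower().split(".")
    if len(parts) < 3:
        return False, "single extension"
    inner, outer = parts[-2], parts[-1]
    if inner in DOCUMENT_EXTS and outer in EXECUTABLE_EXTS:
        return True, f"document-looking .{inner} hides executable .{outer}"
    if inner in DOCUMENT_EXTS and outer in ARCHIVE_EXTS:
        return True, f"document-looking .{inner} inside archive .{outer}"
    return False, "double extension not of a known deceptive pattern"


def triage(names: list[str]) -> dict[str, str]:
    """Return the attachment names to quarantine, mapped to the reason."""
    return {n: check_attachment(n)[1] for n in names if check_attachment(n)[0]}


# Constructed sample attachment names, not real samples.
SAMPLE_ATTACHMENTS = [
    "May 2015 Checking Account.pdf.exe",
    "Invoice from FedEx.pdf.zip",
    "Q1 report.xlsx",
    "photos.tar.gz",
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        flag, why = check_attachment(n)
        print(f"{n!r:40} shown as {as_shown_by_explorer(n)!r:35} "
              f"{'SUSPICIOUS' if flag else 'ok'}: {why}")
```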
Advise all users within your organization to be on the lookout for files with double extensions. If they receive an email with such an attachment it should be immediately deleted.
Once your files are encrypted you can only get them back by either paying the ransom or restoring your files from backup.
Everyone is familiar with the old adage “An ounce of prevention is worth a pound of cure.” If you would like more information on how to prevent ransomware from infecting your network please drop us a line at firstname.lastname@example.org or visit http://tricyclefish.com/get-i-t-help-now/