In recent years another new term has emerged to describe yet more malicious software that attacks users. This one is called ransomware.
So what does ransomware do?
When a computer becomes infected with this software, all the files on the computer get encrypted. The user is then notified and offered the option of paying a ransom to get the secret decryption key needed to recover the files. If the user refuses to pay up, all the encrypted files are lost.
There has been a large increase in ransomware attacks worldwide in recent months. The Information Security Office team is seeing large numbers of spam emails being intercepted here at Otago that are connected to ransomware attacks.
A recent attack
Many staff recently received an email claiming to be from a lawyer that suggested the user had breached copyright on some material. This spam was deliberately sent during the weekend so that users would not have the usual support channels available (Alarm bell #1). This email was sent to many other universities.
An analysis of the email by another institution revealed some interesting things.
- The email had a zip file attached (Alarm bell #2)
- The zip file attached to the email contained a pdf that had a script in it (Alarm bell #3)
- This script requested the user to install a special font in order to read the pdf (Alarm bell #4)
- If the user (or their IT support person) finds the font and installs it, then the ransomware is installed and immediately starts encrypting all the user’s files INCLUDING those on file shares.
Targeted spam attacks are getting more sophisticated. They use real companies’ and individuals’ names. They are sent outside normal work hours, i.e. during weekends or holidays, or overnight. They often appear to be relevant to the people targeted, e.g. copyright issues for academics, or account information for financial staff.
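For IT staff triaging a reported message, alarm bells #1 to #3 above can be checked mechanically. The following is an added example, not code from the Information Security Office or from the analysis mentioned above; the work-hours window, the marker list, the function names and the sample message are all assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

# PDF name objects that signal embedded or auto-run script. Plain byte search only:
# markers inside compressed object streams are not seen by this check.
PDF_SCRIPT_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
MAX_MEMBER_BYTES = 20_000_000  # skip oversized zip members instead of unpacking them

def alarm_bells(raw, work_start=8, work_end=18):
    """Return the list of alarm bells raised by one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    bells = []
    if msg["Date"]:
        # Assumption: the Date header's own UTC offset stands in for local time.
        sent = parsedate_to_datetime(str(msg["Date"]))
        if sent.weekday() >= 5 or not work_start <= sent.hour < work_end:
            bells.append("sent outside work hours")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        bells.append("zip attachment")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    continue
                body = zf.read(info)
                if body.startswith(b"%PDF") and any(m in body for m in PDF_SCRIPT_MARKERS):
                    bells.append("pdf with script: " + info.filename)
    return bells

def build_sample(date, pdf_body):
    """Build a constructed test message (not a real sample) with a zipped PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.pdf", pdf_body)
    msg = EmailMessage()
    msg["From"], msg["To"] = "lawyer@example.com", "staff@example.org"
    msg["Subject"], msg["Date"] = "Copyright notice", date
    msg.set_content("Please see the attached notice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="notice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    scripted = b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (placeholder) >> >>\n"
    print(alarm_bells(build_sample("Sat, 04 Jun 2016 23:15:00 +1200", scripted)))
```

A message that raises no alarm bells here is not thereby safe; the check only covers the three indicators listed above.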
Things to do (or not do)
- Do not respond to unexpected emails outside work hours (It really isn’t that urgent)
- Do not respond to requests to “take an action” (It truly is not that urgent)
- Check with IT staff or colleagues if you get an unusual email. Chances are it will be a known attack, or it will alert staff to a new one under way.
- Be prepared. Make sure all your data files are properly backed up. Some of the ransomware attacks are now targeting backups as well as file shares, so backups should not be accessible to the attack.
For more information or assistance, contact the ITS ServiceDesk or the Information Security Office.