You should know by now that the best method to protect your computer from ransomware and malware in general, is to prevent it from entering it on the first place. The second best thing is to backup your files so that if ransomware still manages to sneak in and encrypt your data, you have a way out.
Preventing ransomware from entering your system, however, is quite tough. After all, cyber crooks dedicate most of their efforts exactly in creating ways to trick you into clicking a malicious URL or opening a compromised attachment containing the ransomware.
Cyber crooks’ favorite and most successful method to thrust their ransomware creations into your system are in no doubt spam emails, diligently disguised as legitimate ones. So, how do you recognize the scam from the authentic one?
That’s what I’ll discuss in detail below.
Most Phishing Emails Now Contain Ransomware
PhishMe.com, a provider of phishing-defense solutions for the enterprise, released a report a couple of years ago, according to which 93% of phishing emails now contain ransomware.
Phishing email campaigns have seen a 6.3 million increase in raw numbers, due primarily to a ransomware upsurge against the last quarter of 2015. That is a staggering 789% jump.
The scary growth of phishing emails containing ransomware is mostly due to the fact that ransomware is becoming easier to develop thanks to the ransomware-as-a-service (RaaS), the high ROI cyber crooks get, and the relative safety and anonymity of its creators. The demanded ransom is usually bearably high so victims choose to just pay it in exchange for their decrypted files and get it over with, rather than struggling to recover their data, which may turn into a total havoc in the end. But the very fact that victims often choose to pay the cyber crooks is what encourages them to spread ransomware viruses even more.
How Cybercriminals Craft the Perfect Email Scam with Ransomware
Again, spam emails are the cyber crooks’ favourite way to distribute ransomware. It simply works. The malicious email is carefully crafted to imitate a legitimate sender. And, if the user is in a hurry, or curious enough or simply not aware of the dangers that may hide in his inbox, he will open it.
Cyber crooks have a variety of ways to customize the email carrier of their ransomware. They use geotargeting to learn substantial details about the targeted users. They will then imitate local brands, banks, ministries, other institutions and organizations, etc. that the users may be using or are in contact with and will use your language and local currency as well.
Cyber crooks also use soft targeting.
“This has been a creeping trend for a while now,” said Brendan Griffin, Threat Intelligence Manager at PhishMe.
Soft targeted phishing emails aim at people in a particular job category:
“It’s somewhere between a business compromise email or spear phishing attack, which is targeted at one specific executive, and the general-purpose spam email that goes out to everybody,” according to csoonline.com.
How to Recognize Emails with Ransomware
Obsessing with security may turn your cyber life into a total nightmare as the more you look for threats, the more traces of them you’ll find. Being hyper-alert, however, would do wonders for your cyber security. And that means to be educated on what’s out there and how you can avoid it. Here are several tips on how you can actually distinguish the good from the bad:
Disposable or temporary email domains
Cyber crooks often use disposable or temporary email domains to spread ransomware and other malicious components. Basically, after you’ve opened such email, it will self-delete.
You can find a detailed list of such domains to gain an idea of how they possibly look like – gist.github.com – and avoid them.
Distribution sites of ransomware
If you have doubts about a URL contained in an email you’ve just opened, do not click it. Use a ransomware tracker to see what kind of sites some of the most notorious ransomware viruses use and be alert of such URLs not only in your inbox. After all, spam emails are not the only way to spread ransomware.
A message from a Government agency
Below is a sample of a malicious attachment contained in a spam email aiming to spread Philadelphia ransomware. It looks like a legitimate notice from the Brazil’s Ministry of Finance. Once you open the attachment, you trigger the ransomware’s downloading process. And, while you are wondering why you received this notice from the Brazil’s Ministry, Philadelphia ransomware has already sneaked into your computer and has encrypted your files without your knowing or permission.
The email sender and signature
Before clicking the URL or opening the attachment in an email, carefully check the sender and the signature. Lack of details about the sender/signer and contact info suggests a phish.
As for the sender, cyber crooks often spoof the display name of the spam email. Return Path, an email data solutions provider, analyzed more than 760,000 email threats targeting 40 of the world’s largest brands, and reported that almost half of them spoofed the brand in the display name.
Something just doesn’t look right
Casino security teams in Las Vegas are trained to look for anything that doesn’t look quite right. They even came up with a term – “JDLR” – which stands for “just doesn’t look right”. The same applies to emails, too.
Simply said, if something looks suspicious to you, do not open it.
Related readings:
- Fake Cracked Software Delivers STOP Ransomware
- LockFile Ransomware Uses Unique Intermittent Encryption to Evade Detection
- Conti Ransomware Now Able to Destroy Data Backups