9 out of 10 Phishing Emails Distribute Ransomware

By | January 7, 2017
Print pagePDF page

9 out of 10 Phishing Emails Distribute Ransomware

We’ve been asked many times how people get ransomware, so we thought it might be a good idea to write an article about ransomware and how it’s distributed – and why it’s spreading like wildfire.

Ransomware is everywhere these days, so it’s becoming harder and harder to hide from it. Cyber-criminals are beginning to abandon other more labor-intensive scams (like credit card theft or identity theft) in favor of ransomware, which returns huge financial rewards, with very little effort or risk.

In the past, identity theft, credit card theft and fraud, and bank account fraud accounted for over 90% or more of financial losses incurred by individuals. But these kinds of thefts & scams are labor intensive. The cyber-criminal has to trick individual’s into giving up passwords, bank account numbers, credit card numbers, or all of these. Then the cyber-criminal has to act – either draining bank accounts, charging goods to a credit card or using the passwords obtained by phishing to access other financial accounts of the victim. The chances of being caught are also significant.

With ransomware, all the cyber criminal has to do is send out millions of phishing emails, get small percentage of the recipients to click a link and download his/her brand of ransomware. Once the victims install the ransomware, all their personal files are immediately and irrevocably encrypted and the only way to get access to those files back again, is to pay the ransom. Ransoms are generally paid using cyber currency (usually Bitcoin) and range from $200 to $8000. The victim has the choice to lose access to all his/her personal files or pay the ransom. All the criminal has to do is sit back and wait for the ransom money to flow into his/her account. The decryption key is sent automatically to the victim as soon as the ransom is paid. The chances of the cyber criminal being caught are less than with other forms of cyber theft and fraud.

Image courtesy of KnowBe4

According to Cybercrimes Watch, over 75 million phishing emails are sent every day – and a whopping 93% of those now contain links to download ransomware. According to the FBI, the ransomware business now generates over $2.3 billion dollars for criminals annually. And that could be just the tip of the iceberg as it includes only the 17,000+ cases which were reported to the FBI.

And it’s only just beginning. In the near future we’re almost certainly going to see ransomware using AI (artificial intelligence).And that could be quite scary.

Business Insider, began an article with the following paragraph:

Imagine you’ve got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you’re planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client’s email mannerisms, with a virus attached to the map.

It sounds pretty far out — and it is, for now. But that’s the direction that Dave Palmer, director of technology at cybersecurity firm Darktrace, thinks the arms race between hackers and security firms is heading.

As artificial intelligence becomes more and more sophisticated, Palmer told Business Insider in an interview at the FT Cybersecurity Summit in London in September, it will inevitably find its way into malware…

Malware will learn to mimic people you know

Using recurring neural networks, it’s already possible to teach AI software to mimic writing styles — whether that’s clickbait viral news articles or editorial columns from The Guardian. Palmer suggests that in the future, malware will be able to look through your correspondence, learn how you communicate, and then mimic you in order to infect other targets…”

Hey, we are not trying to scare you, we just want you to know what’s going on around you in the cyber world. It’s not meant to scare you anymore than some great naturist telling us what berries and mushrooms are poisonous and which are safe to eat are trying to scare us. You’re much safer if you know what’s out there, and what to watch out for.

So, how can you avoid being a victim of ransomware?

Image courtesy of KnowBe4

The same old advice we’ve been giving you for years still applies.

1. THINK BEFORE YOU CLICK a link in an email.

2. Never open an attachment to an email unless you know what it is, who sent it, and you were expecting it.

3. If an email looks suspicious, delete it. don’t take chances. If it appears to be from a friend, but if you’re not sure, call or email your friend to make sure. If its suspicious email from a business and it’s one that appears to require action on your part, contact the business.. NEVER randomly click links if you’re not sure who sent you the email. Email headers and return addresses can be easily forged. THINK BEFORE YOU CLICK.

4. Banks, credit card companies and financial institutions are never going to send you an email asking you to click a link to verify your account or your password – or to tell you your account has been compromised and you need to log in to change it. NEVER. NEVER. NEVER. If you get an email from your back, credit card companies, or other financial institutions, and you’re not sure, type the URL of the company in the address bar of your browser, or better yet, pick up the phone and call them and ask. THINK BEFORE YOU CLICK.

4. Use a good antivirus/anti-malware. Today (1/07/2017) we tested Emsisoft against ten ransomware that are currently most prevalent on the Internet. Emsisoft protected us from all ten. We trust all our computers to Emsisoft; we think it’s the best.

5. That being said… No matter how good security software is, there are always new ransomware programs being designed, developed and distributed every day. The internet is always changing; it’s always evolving. The best security software you can install is already installed between your ears – your brain. Use your common sense…  and THINK BEFORE YOU CLICK.

Be careful out there… and have a great ransomware-free year!

 

8 thoughts on “9 out of 10 Phishing Emails Distribute Ransomware

  1. Nora

    Thanks for the reminder. You guys r the greatest. You’re like really great parents (ok, …. cyber parents) reminding us to keep our eyes open and look both ways before u cross the street. With so much nefarious hoodlums out there it’s refreshing to know you guys are watching out for all of us! Thank you!

    Reply
  2. Ron

    Hi guys, thanks for all the advice. Just yesterday I got a video from a distant friend on Facebook messenger. The video had no name just a “you tube number”. I did click because I know them but “Emmisoft” came to the rescue and said it was a suspicious file. so I deleted it. She wrote later that her computer had been hacked. So happy that I followed your advice and bought Emmisoft,( I got it when you had your special for Emmisoft plus Revo uninstaller pro.) I got it for multiple computers so my daughter would have it . She tends to be a little careless on the web.
    I have also intalled Last Pass. Now I have one password to remember and all of my accounts are secure. Sounds like I am pushing all of your products, but really I am thanking you for my computer being secure. Been with you a lot of years. Thanks again,
    Ron

    Reply
  3. Jock Reid

    Hi Guys,
    I have been a member and reader of cloud eight for many years. Being an old man I’m afraid that the internet was
    always a worry to me, I’m not certain how many times that you guys have warned me by reading your extracts on different programmes and possibly saved me many many times and for that I thank you all for that and all the others that you have helped in years gone by. I would also like to wish the whole crew A Very Happy and Healthy New Year in 2017.
    Awra Best,
    Jock.

    Reply
  4. Richard Baxter

    Is there anything wrong with using a Cheap Kindle to handle all email and eliminate it from my PC?
    If any ransomware shows up I simply do a factory reset.

    Reply
    1. infoave Post author

      What’s wrong with just being careful what you click? I don’t see any reason to leave a PC for a Kindle Fire. Kindle Fire is nice for reading a book or playing a game, but I for one would not want to give up a PC or Mac for a Kindle. You don’t have to. It’s not that hard just to think before you click.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *