9 out of 10 Phishing Emails Distribute Ransomware
We’ve been asked many times how people get ransomware, so we thought it might be a good idea to write an article about ransomware and how it’s distributed – and why it’s spreading like wildfire.
Ransomware is everywhere these days, so it’s becoming harder and harder to hide from it. Cyber-criminals are beginning to abandon other more labor-intensive scams (like credit card theft or identity theft) in favor of ransomware, which returns huge financial rewards, with very little effort or risk.
In the past, identity theft, credit card theft and fraud, and bank account fraud accounted for over 90% or more of financial losses incurred by individuals. But these kinds of thefts & scams are labor intensive. The cyber-criminal has to trick individual’s into giving up passwords, bank account numbers, credit card numbers, or all of these. Then the cyber-criminal has to act – either draining bank accounts, charging goods to a credit card or using the passwords obtained by phishing to access other financial accounts of the victim. The chances of being caught are also significant.
With ransomware, all the cyber criminal has to do is send out millions of phishing emails, get small percentage of the recipients to click a link and download his/her brand of ransomware. Once the victims install the ransomware, all their personal files are immediately and irrevocably encrypted and the only way to get access to those files back again, is to pay the ransom. Ransoms are generally paid using cyber currency (usually Bitcoin) and range from $200 to $8000. The victim has the choice to lose access to all his/her personal files or pay the ransom. All the criminal has to do is sit back and wait for the ransom money to flow into his/her account. The decryption key is sent automatically to the victim as soon as the ransom is paid. The chances of the cyber criminal being caught are less than with other forms of cyber theft and fraud.
According to Cybercrimes Watch, over 75 million phishing emails are sent every day – and a whopping 93% of those now contain links to download ransomware. According to the FBI, the ransomware business now generates over $2.3 billion dollars for criminals annually. And that could be just the tip of the iceberg as it includes only the 17,000+ cases which were reported to the FBI.
And it’s only just beginning. In the near future we’re almost certainly going to see ransomware using AI (artificial intelligence).And that could be quite scary.
Business Insider, began an article with the following paragraph:
Imagine you’ve got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you’re planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client’s email mannerisms, with a virus attached to the map.
It sounds pretty far out — and it is, for now. But that’s the direction that Dave Palmer, director of technology at cybersecurity firm Darktrace, thinks the arms race between hackers and security firms is heading.
As artificial intelligence becomes more and more sophisticated, Palmer told Business Insider in an interview at the FT Cybersecurity Summit in London in September, it will inevitably find its way into malware…
Malware will learn to mimic people you know
Using recurring neural networks, it’s already possible to teach AI software to mimic writing styles — whether that’s clickbait viral news articles or editorial columns from The Guardian. Palmer suggests that in the future, malware will be able to look through your correspondence, learn how you communicate, and then mimic you in order to infect other targets…”
Hey, we are not trying to scare you, we just want you to know what’s going on around you in the cyber world. It’s not meant to scare you anymore than some great naturist telling us what berries and mushrooms are poisonous and which are safe to eat are trying to scare us. You’re much safer if you know what’s out there, and what to watch out for.
So, how can you avoid being a victim of ransomware?
The same old advice we’ve been giving you for years still applies.
1. THINK BEFORE YOU CLICK a link in an email.
2. Never open an attachment to an email unless you know what it is, who sent it, and you were expecting it.
3. If an email looks suspicious, delete it. don’t take chances. If it appears to be from a friend, but if you’re not sure, call or email your friend to make sure. If its suspicious email from a business and it’s one that appears to require action on your part, contact the business.. NEVER randomly click links if you’re not sure who sent you the email. Email headers and return addresses can be easily forged. THINK BEFORE YOU CLICK.
4. Banks, credit card companies and financial institutions are never going to send you an email asking you to click a link to verify your account or your password – or to tell you your account has been compromised and you need to log in to change it. NEVER. NEVER. NEVER. If you get an email from your back, credit card companies, or other financial institutions, and you’re not sure, type the URL of the company in the address bar of your browser, or better yet, pick up the phone and call them and ask. THINK BEFORE YOU CLICK.
4. Use a good antivirus/anti-malware. Today (1/07/2017) we tested Emsisoft against ten ransomware that are currently most prevalent on the Internet. Emsisoft protected us from all ten. We trust all our computers to Emsisoft; we think it’s the best.
5. That being said… No matter how good security software is, there are always new ransomware programs being designed, developed and distributed every day. The internet is always changing; it’s always evolving. The best security software you can install is already installed between your ears – your brain. Use your common sense… and THINK BEFORE YOU CLICK.
Be careful out there… and have a great ransomware-free year!