Over the past 6 months, a type of email fraud has come to the fore which has started to provoke concern …. and rightly so. Increasingly, we are seeing instances within our customer base and because they appear to emanate from the CEO or CFO, often pass through spam filters with ease.
Please be aware that a new infection technique is doing the rounds; targeting Google Chrome users. The “font wasn’t found” message that appears if you land on certain websites encourages the user to download the "missing" font. Do not download and install .. it’s a trap!
Hackers are targeting genuine but poorly maintained or secured websites, changing the code, and simply visiting an infected site can cause this prompt to appear This infection method has been reported to install ransomware Trojans.
Please make your staff aware of this threat.
Every week seems to bring news of high profile cases of new ransom-ware attacks. Its nasty stuff; nasty enough that the US and Canadian authorities yesterday issued a rare joint cyber alert warning about the upsurge in attacks.
The plague doesn't seem to be going away anytime soon. Enabling the ransom-ware plague is the fact that many businesses and individuals seem to be casual in their habits and unaware of the risks; sometimes over reliant on technical measures to provide safety.
I may be labouring the point (and please forgive me for this), but the advice remains the same:
- Ensure your antivirus is running. Be alert for warnings. Don't cancel scans just because it is inconvenient or slowing you down
- If Windows is prompting to restart to apply updates; don't delay
- If you suspect something odd is happening; report it
- Be VERY wary of email attachments, links in emails, websites you don't know and software offered for free
- Educate your team on the risks; any system is only as strong as its weakest link
- If you havent got regular backups; get some. In the event of a ransomeware attack this may be your only route out of trouble
For those who haven't already downloaded it, we have a free information sheet for staff available for download here (irony alert ... but I can assure you it is safe)
One of our more technically aware customers, Alison Turnock of David Turnock Architects, alerted us to a story yesterday relating to ransomware and Lincolnshire Council; whose system was shut down for “several days” as a result of a single employee opening an infected email. While the impact may be shocking for many, this is an all too familiar story for those of us involved in IT security. If even Lincolnshire Council, no doubt with a permanent team of IT staff and barriers that far exceed anything most SME’s can justify can be bitten; it goes to prove that the staff education and training is an essential supplement to any technical measures that can be put in place.
To assist you in this education, EasylifeIT™ has produced an A4 Cybersecurity – Tips for your end users, which is available from our website here: http://www.easylifeit.com/images/pdf/PrintandProtectIT.pdf
Click here for more information on the Lincolnshire story: http://www.infosecurity-magazine.com/news/ransomware-shuts-down-lincolnshire/