Email from the Post Office or a Ransom-ware attack?
You notice an email from the post office so you open it to see what it’s about: The courier couldn’t find you at home, so you have to go to the post office yourself to get your package. Not completely unfamiliar, is it?
You click the link in the email and are redirected to a website that downloads a file in order to “track your parcel”.
When you open the file, your data starts being encrypted immediately and a message pops up asking for a RANSOM.
You have officially been infected with Ransom-ware!
Ransom-ware is a malicious piece of software that encrypts your data so it becomes inaccessible to you. You are then forced to either pay a ransom to decrypt the data or restore it from a backup if you ever want to use it again.
Although the infection is local to your computer, the true impact isn’t realised until you see what additional files are encrypted. Dropbox, OneDrive, Google Drive, USB drives and shared network drives are examples of the additional locations it will encrypt.
Is your business prepared for this? As you can imagine, this has a significant impact. Not only are you dealing with the stress of making sure your disaster recovery procedure works, but staff are usually unable to work because critical data on company shared network drives is also encrypted as part of the attack. We have seen this happen to many businesses and unfortunately it is an expensive exercise. Some examples:
- The business needs to restore data to the previous working backup
- You need to pay an IT provider to restore the data
- Your staff are unable to work for the duration of the restoration
- The infected machine should be rebuilt
When you look at these tasks you can see the recovery effort is significant.
Because Ransom-ware is constantly evolving, the detection rate is very low for each security product on the market. We find that staff training is one of the best ways to prevent the infection from occurring in the first place.
One of the most common methods of infection found in Australia is email, and one such email impersonates Australia Post. Australia Post is an organization that has been around for over 100 years, so people trust it as an institution. People therefore usually do not give it a second thought before clicking on a link, which leads to infection.
So how do you identify the threat?
This image is a common example email. You might not notice the issues immediately, but after reading this article we hope you will be more aware of what to look for.
There are a few key indicators in this example that suggest the email is fraudulent:
- The email's From domain is not auspost.com.au
- When hovering over the link without clicking you will see that the address is not an Australia Post URL
- There is incorrect grammar in the email
- Australia Post does not charge to hold your item at the Post Office as the notice states
- Australia Post will never ask you to print off a label to redeem your package; they leave a calling card in your letterbox
This basic knowledge will help you reduce the likelihood of an infection in your environment.
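The first two indicators in the list above (the sender domain and where the links really point) can also be checked mechanically. The following Python is an added example, not part of the original article; the sample message, its `.example` hosts and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "auspost.com.au"  # the legitimate domain named in the article

# Constructed sample message; the sender and link hosts are reserved .example names.
SAMPLE = """\
From: Australia Post <notice@parcel-notify.example>
Subject: Your parcel could not be delivered
Content-Type: text/html; charset="utf-8"

<html><body><p>Courier was unable to delivery your parcel.</p>
<a href="http://parcel-track.example/label?id=1">Print label</a>
<a href="http://auspost.com.au.parcel-track.example/">Track</a></body></html>
"""

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def check_email(raw):
    """Return findings for the sender-domain and link-destination indicators."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not is_trusted(domain):
        findings.append(f"sender domain {domain!r} is not {TRUSTED}")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_trusted(url.hostname):
            findings.append(f"link goes to {url.hostname!r}, not {TRUSTED}")
    return findings
```

Note that the second link starts with `auspost.com.au` but still belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the name anywhere in it. A matching From domain is not proof of legitimacy on its own, because that header can be forged; SPF, DKIM and DMARC results are what authenticate it.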
SureBridge can put strategies in place to reduce the impact to any business. Solutions range from something as small as a new security product that is managed through the cloud to full disaster recovery strategies that ensure you have a business continuity plan.
If you are unsure for any reason please contact SureBridge and we can help you.