If you think you’re safe because your data is in the Cloud, think again. Your entire mailbox could be encrypted by clicking on a bad attachment. A new ransomware strain dubbed “Ransomcloud” encrypts your online email accounts, like Office 365 and Gmail, in real time. This means that along with the emails on your computer, your online email messages can be encrypted.
Ransomcloud infects and locks your emails in the Cloud. It’s similar to other types of ransomware where the criminal tricks you with phishing scams that contain poisoned attachments or links. A white hat hacker developed the Ransomcloud strain that encrypts cloud email accounts like Office 365 in real time.
This strain uses a smart social-engineering tactic to trick you into giving the bad guys access to your cloud email account. It does this under the ruse of a “new Microsoft Anti-spam service.” The social engineering deceives you so that the attacker can gain control over your computer system.
Attackers are currently sending a phishing email disguised as a new anti-spam service called Microsoft “AntiSpam PRO.” If you click the link and accept this service, it encrypts all of your online emails and attachments in real time. It works with any kind of cloud email service, such as Gmail and Outlook365, that allows third-party apps to control your account via an authorization system called OAuth.
Here’s an example of how “AntiSpam PRO” works.
You’ll receive an email requesting that you accept a new application from Microsoft. This request seems appropriate, but it’s a fake.
If you click “Accept,” you’ll see this screen. And when you do, cyber thieves will have complete control of your computer. The bad guy can now encrypt your emails in real time and insert the ransomware into your cloud files. When this happens, you can read the header of your emails, but the content will be encrypted.
Next, you’ll receive an email that your messages have all been encrypted. The only way to recover your emails is to send the criminal $300 via Bitcoin.
What To Do? Stop – Look – Think
You must stop, look, and think before clicking on an email. If you don’t, your files on the Cloud could be encrypted. Ransomware is continually evolving as cybercriminals discover new ways to attack and gain access to your files (and now your email accounts).
Here’s how to protect against these kinds of attacks:
- Beware of emails with suspicious links – If you get an email or notification that just doesn’t seem right, don’t click it. Instead, type the website’s address directly into your browser to see if it’s valid. And before clicking any link, hover over it with your mouse to see the real web address. If the site isn’t what the link claims, don’t click on it.
- Be careful when granting permissions – Cybercriminals will try to trick you into granting them access to applications. Review the permissions in your apps and be careful when accessing them.
- Watch out for typos in emails – Phishing emails often contain typographical errors. When you receive an email or notification from a legitimate company, it shouldn’t contain typos.
- Always use multi-factor authentication when available – This requires at least two forms of identification, such as a password and a security question, to log in to confidential accounts.
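As an added example (not part of the original article), the permission review recommended above can be scripted: the check below flags third-party apps whose OAuth grant lets them rewrite mailbox contents, which is the access “AntiSpam PRO” asks for. The scope names are real Microsoft Graph and Gmail scopes; the record layout, app names and users are constructed for illustration.

```python
# Real OAuth scope names that let an app rewrite mailbox contents
# (Microsoft Graph and Gmail).
MAIL_WRITE_SCOPES = {
    "Mail.ReadWrite",
    "Mail.ReadWrite.Shared",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
}

# Constructed sample grants; the record layout is hypothetical.
SAMPLE_GRANTS = [
    {"app": "AntiSpam PRO", "publisher_verified": False,
     "user": "alice@example.com",
     "scopes": "Mail.ReadWrite offline_access User.Read"},
    {"app": "Calendar Sync", "publisher_verified": True,
     "user": "bob@example.com", "scopes": "Calendars.Read User.Read"},
    {"app": "Mail Archiver", "publisher_verified": True,
     "user": "carol@example.com",
     "scopes": "https://www.googleapis.com/auth/gmail.modify"},
]


def assess_grant(grant):
    """Return (severity, reasons) for one third-party app grant."""
    scopes = set(grant["scopes"].split())
    writable = sorted(scopes & MAIL_WRITE_SCOPES)
    if not writable:
        return "ok", []
    reasons = ["can modify mail: " + ", ".join(writable)]
    if "offline_access" in scopes:
        # Refresh tokens keep the grant usable after the user signs out.
        reasons.append("keeps access through refresh tokens")
    if grant["publisher_verified"]:
        return "review", reasons
    reasons.append("publisher is not verified")
    return "high", reasons


def audit(grants):
    """List grants needing attention, highest severity first."""
    order = {"high": 0, "review": 1}
    findings = []
    for g in grants:
        severity, reasons = assess_grant(g)
        if severity != "ok":
            findings.append((severity, g["app"], g["user"], reasons))
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, app, user, reasons in audit(SAMPLE_GRANTS):
        print(f"[{severity}] {app} ({user}): " + "; ".join(reasons))
```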
Other New Threats To Watch Out For
- Ransomware-as-a-Service. This allows hackers without much experience to use ransomware. For a few dollars, they can develop custom-designed ransomware attacks. They are also targeting Point-of-Service (POS) systems. These are on the rise, so stay alert.
- Automated Phishing. Bots (software that performs an automated task over the Internet) are being used to send phishing and spear-phishing attacks, where threat actors use a deep knowledge of potential victims to target them and to tailor the attack. The bots make these difficult to detect.
- Mobile Malware. These target smartphones and mobile users.
- Search Result Tampering. This is on the increase. It’s when you’re directed to a compromised website rather than a legitimate one.
- Extortion Scams With A Long Tail. This is a ransomware virus that uses sensitive content as the ransom.
- Micro-Ransomware. Extorts one document at a time.
- False-Flags and Blameware. These are expected to increase and are used to spread propaganda to incite controversy between countries.
- Pseudo-Ransomware. Where hackers try to infiltrate your organization using multi-vector attacks like smishing (SMS phishing) and vishing (the VoIP version of phishing).
Ask Intivix To Help
Here are some of the things we can do to keep your data safe from cybercriminals:
- Use secure email gateway and web gateway programs that provide URL filtering. We’ll also ensure they are tuned correctly.
- Patch your endpoints, operating systems, and third-party apps.
- Make sure your endpoints and web gateway utilize next-generation, frequently updated, multi-layered security.
- Users who handle confidential information will be forced to use two-factor authentication.
- Perform reviews of internal security policies and procedures – especially those related to financial transactions.
- Check your firewall configuration and make sure no criminal network traffic is allowed out to Command & Control servers.
- Provide new-school security awareness training, including frequent social engineering tests using multiple channels.
- Put weapons-grade backups in place.
- Work with you on budgeting for cybersecurity and eliminate any overspending on solutions that simply target one threat at a time.
- If your system gets infected with ransomware, we can re-image it from bare metal.
For more information on keeping your data safe, contact the experts at Intivix in San Francisco at: (415) 543-1033 or [email protected]