Column: Sneaky ransomware attacks are growing

Q: I recently opened what looked like a resume in Outlook which made everything go crazy. Now I’m locked out of my files with a message that says I need to pay to get them back.  What do I do?

A: You’ve been hit by one of the many sophisticated “ransomware” attacks by hackers that have recently surged in popularity. This has become a very lucrative extortion scam for organized cybercrime groups, generally thought to be located in Eastern Europe and Russia.

There are two reasons that we’re seeing another surge in ransomware: better social engineering and crowdsourcing.

In your case, you were opening what you thought was a resume, which likely means that you were on a business computer. In the past, the cyberthieves were happy to snag anyone who fell for their traps, but now they are specifically focusing on businesses. They have learned that businesses are more likely to pay the hefty ransoms because they can’t operate without the files that are being held hostage.

They also know that they only need to get one person in a company to fall for the scam in order to hold the entire company hostage.

Think like a hacker for a minute: By finding companies that are actively posting employment ads, it’s more likely someone will open an attachment that’s posing as a resume for a posted ad.

They’re also replying to Craigslist ads with rigged malware documents posing as resumes.

Anyone either posting or applying for a job needs to understand this new threat and think about changing how they interact. Employers should look into one of the many online employment resources that allow applicants to create online resumes instead of using email attachments.

Those looking for jobs should think about other ways to get their work experience in front of employers, such as fully filled-out LinkedIn profiles or the online employment resources.

The crowdsourcing development in ransomware attacks is the most disturbing thing to me. In the past, cyberthieves had to pay hefty sums to get their hands on the ransomware attack programs, but not anymore.

Anyone who knows how to navigate the “dark web” can find a number of places to download a ransomware kit and spread it however they want. When someone pays up, a “commission” is paid by the developer to whoever distributed the attack.

Recently, we’ve seen versions that instantly resend the infection to thousands of people in the address book of the infected computer to help spread the threat.

If you don’t have a good off-site backup of your critical data, your only options are to pay the ransom (which encourages these guys to continue) or start over without the infected data.

We’ve all heard it over and over again: DON’T OPEN EMAIL FILE ATTACHMENTS. But these guys are really good at creating scenarios that encourage people to let their guard down.

They know most businesses couldn’t survive a complete loss of their critical business data, which is why they’ve stepped up their game.

Whether you’re a home or business user, if you haven’t recently reviewed and verified your off-site backup system, consider this a wake-up call!

Editor’s note: Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question you have on his Facebook Page.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up