These messages arrive in emails with file names interesting enough that users want to click them, but don’t. They come with a .zip or .rar extension and include such malicious favorites as TeslaCrypt and Locky, which has been attacking hospitals most recently.
There are a few defenses against this. Ensure you always keep a recent backup of important files from your computers. Also, install trusted anti-malware software and make sure it’s kept up-to-date. While this particular attack may get around anti-malware software, it’s still important to have it installed. Of course, never open attachments or click links in email messages that you suspect may not be legitimate, especially if they come from unknown senders. Remember that if the file has a .js or .jse extension, it should be considered suspect.
Finally, always keep your system updated with the latest critical and security patches. If you have an older operating system, such as Windows XP, consider upgrading to a newer version. Windows XP has not been supported for a couple of years now and as new exploits are found, the vulnerabilities they exploit will not be fixed.
Other tips to defend against this type of spam include:
- Making sure to scan all email messages that come through with updated anti-malware software,
- Disabling macros in Microsoft Office programs,
- Disabling macro loading in the group policy, if you are in charge of a corporate network, and
- Educating users on phishing and how to avoid it, including not clicking potentially suspicious links.
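As an added example (not from the original article), the following Python sketch shows how a mail filter could flag the attachments described above: .js or .jse files sent directly or packed inside a .zip, with .rar archives held for review because the standard library cannot read them. The function names, finding strings and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article says to treat as suspect (assumed constant name).
SUSPECT = (".js", ".jse")


def scan_zip(name, data):
    """List suspect script members of a zip without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()  # reads the directory listing only
    except zipfile.BadZipFile:
        return [f"unreadable archive: {name}"]
    return [f"script in archive: {name} -> {m}"
            for m in members if m.lower().endswith(SUSPECT)]


def flag_attachments(raw_message):
    """Return one finding per attachment that matches the article's advice."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(SUSPECT):
            findings.append(f"script attachment: {name}")
        elif name.endswith(".zip") or zipfile.is_zipfile(io.BytesIO(data)):
            findings.extend(scan_zip(name, data))
        elif name.endswith(".rar"):
            # No RAR reader in the standard library: hold for manual review.
            findings.append(f"unscanned archive: {name}")
    return findings


def build_sample():
    """Constructed sample: a zip attachment holding an inert .js placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2016.js", "// constructed placeholder")
        zf.writestr("readme.txt", "constructed")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

A check like this only looks at names and archive listings, so it complements the anti-malware scanning and user education listed above and does not replace them.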
Remember that paying cybercriminals to unlock files they encrypted with ransomware is not recommended. Instead, restore any affected system with that recent backup you make sure to have on hand.
© Copyright 2016 Stickley on Security