A new phishing campaign (think, ‘bait’) is sending hundreds of thousands of emails disguised as your own employees or departments, such as HR or Accounting. Ransomware emails are surprisingly well-worded, and appear to come from a legitimate email address and domain name – this is called email spoofing. At first glance, they rarely raise any red flags. However, the email usually comes with a demand for money for an arbitrary service (hence, ‘ransom’), along with an attachment that is either a Microsoft Word file (.docx) or template file (.dot).
Opening the attachment will cause a VBScript to execute and infect the machine with the ransomware. The ransomware will encrypt your files so they cannot be opened until you comply with the ransom demand and/or enter an encryption key. The longer you wait, the larger the ransom you have to pay.
Ransomware is different from traditional malware and computer viruses of the past. Before, the computer was not truly vulnerable unless it had an internet connection. Pop-ups and botnets distribute themselves via the internet. Ransomware can infect your computer when it is offline. Any files your machine can access, whether stored on your hard drive or an external device (USB), are vulnerable. This means you could be in airplane mode and still get infected.
Everyone is at risk. Many hospitals in particular have faced shutdowns and declared emergencies in the wake of file-locking malware. More recently, the federal agency issued a flash advisory to help businesses investigate this emerging new type of malware.
For more information on hospital attacks, click here.