Security Experts Discover a 4000% Increase in Ransomware Emails
While some countries in the world cannot seem to get the first wave of the COVID-19 pandemic under control, others are already reporting the signs of what might turn into the second wave. At this point, it seems like we are going to live in this cycle until an effective vaccine is discovered and made available to everyone from the villagers in the Amazon jungle to the city dwellers in Manila. While millions of people around the world are losing jobs and businesses, leaving offices to work from home, and scrambling to get masks and disinfectant products to protect themselves physically, cybercriminals are having a heyday. They know that people are more vulnerable than ever, and they know exactly how to approach them with extremely clever scams. In this report, we talk about ransomware emails that are spreading like wildfire.
Watch out for whaling attacks
You might be unfamiliar with the term, but TechTarget defines whaling as “a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company.” These days, communication within companies via email is more frequent because one cannot just swivel in a chair to face a co-worker and pop a question. While many countries in the world are already relaxing quarantine requirements, and people are going back to work, there are still millions of people who work from home. These are the people who rely on Zoom, Skype, and other video conferencing technologies, phone calls, and, of course, email to communicate with their team members, employers or employees, and clients. Unfortunately, all companies take different approaches when it comes to cybersecurity training, and while some might be well aware of the dangers associated with spam, phishing, and whaling attacks, others might be completely clueless.
The Canadian Press spoke with two cybersecurity experts, who shared their findings during the pandemic. Scott Beck, who represents the IT security and support company BeckTec, disclosed that his company saw a 4000% increase in ransomware emails and that 53% of incoming emails were phishing emails. David Shipley, who is the CEO of Beauceron Security, saw an increase in ransomware-related attacks by up to 350%, and he can also list at least 13,000 malicious websites whose domain names include some form of the word COVID-19. Shipley also shared that whaling attacks were among the most dangerous at the time. If companies do not take their time to educate their employees on how to spot and deal with phishing emails, they might end up losing a lot of money, which is not something anyone wants in this economy.
What is a ransomware email?
A ransomware email is a misleading, often cleverly worded email that is set up to spread ransomware. This kind of malware has been linked to other types of COVID-19 related scams as well. For example, the well-known Unicorn Ransomware was found spreading with the help of a fake COVID-19 contact tracing app. Ransomware is used to encrypt files, after which cybercriminals can extort money, make false claims, and also feed lies just to reach their goals. Under normal circumstances, if someone receives a strange email, they can just check in with the sender to see if it is legitimate. That is, if the sender works in the same office. However, when people are working remotely, keeping track of every message can be difficult. Also, when we work from home, we are often more relaxed and forget about the potential cybersecurity dangers. We often mistakenly assume that cybercriminals are more interested in company networks and systems rather than home computers. In reality, cybercriminals are happy to attack pretty much anyone.
The recipient of a ransomware email, in most cases, is completely random. Cybercriminals take email addresses previously exposed in data breaches, collected using fake surveys and online forms, or available publicly online. They then create a misleading message, slap on an intriguing, shocking, or completely ordinary subject line, send a mass email, and hope that some recipients open the attached file. In some cases, links are used, but they serve the same purpose, which is to trick the recipient into executing a malicious file. Of course, if a company experiences a data breach, where all employees’ and clients’ emails are leaked, or if email addresses are posted online, cybercriminals could conduct a more personal attack.
Let’s say the attacker finds the email address of a CEO or someone else in the higher ranks. They can create an email account with a similar name (this could mean a one-letter difference), and send misleading emails as if they were sent by that CEO. In a different scenario, if the account is not protected appropriately, it could be hijacked and used to send emails with malicious attachments in a more believable way. Note that accounts are not considered to be protected if they are “secured” by weak passwords and if some kind of multi-factor authentication is not enabled. If you are not sure about how to create a strong password, we recommend learning more about the Total Strength Score and the benefits of the Cyclonis Password Manager.
How to identify ransomware emails and what to do about them
Ransomware emails have been spreading more aggressively in recent months because the conditions are favorable, but keep in mind that ransomware is spread by spam emails in most cases, even when the world’s population is not dealing with a pandemic. Here are the warning signs of a ransomware email:
- Work-unrelated content: If you have an email account dedicated to work, you are unlikely to receive shopping coupons, receipts, package alerts, flight discount codes, funny photos or videos, and other content that cybercriminals might use to lure you in.
- Out-of-the-ordinary message: If you receive an email from someone you do not normally receive emails from, and if the email’s subject line and content do not make sense (e.g., someone from the IT team asks to confirm vacation payroll), you should suspect foul play.
- Discrepancies in the sender’s address: You must always check the address and the sender’s signature at the end of the email to confirm that everything is in order. If you find something strange, you need to consider the possibility that you have received a malicious email.
- Attachment comes with no message: If you receive an email that has no message and only a strange file attached to it, you must remind yourself that ransomware is spread by spam emails using misleading attachments.
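Two of the signs above, a discrepancy in the sender's address (including the one-letter lookalike account described earlier) and an attachment with no message, can be checked automatically. The following is an added example, not code from the article or any product it mentions; the `KNOWN_SENDERS` directory, the names, the addresses and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: directory of senders worth impersonating (constructed values).
KNOWN_SENDERS = {"Jane Doe": "jane.doe@example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def warning_signs(raw):
    """Return the warning signs a raw RFC 5322 message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known = set(KNOWN_SENDERS.values())
    signs = []
    # "Similar name" account: exactly one character away from a real address.
    if addr not in known and any(edit_distance(addr, k) == 1 for k in known):
        signs.append("lookalike-address")
    # Display name of a known sender on an address that is not theirs.
    if name in KNOWN_SENDERS and KNOWN_SENDERS[name] != addr:
        signs.append("display-name-mismatch")
    # Attachment present but the text body is empty or whitespace only.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    if not text and any(True for _ in msg.iter_attachments()):
        signs.append("attachment-without-message")
    return signs

def build_sample(sender, body, attach):
    """Build a constructed test message (not a captured email)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "finance@example-corp.com"
    m["Subject"] = "Invoice"
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return m.as_string()

if __name__ == "__main__":
    print(warning_signs(build_sample("Jane Doe <jane.doe@examp1e-corp.com>", "\n", True)))
```

A flagged message is a candidate for the reporting step described below, not proof of malice; a legitimate new contact can trip the same checks.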
Overall, whether you work in an office, work remotely, or work alone, you must not ignore suspicious emails, whaling attacks, and phishing scams. You must report them to protect yourself and those around you. If you are part of a company, report the email to the IT team. If you work alone, report it to your email provider. Also, never let your guard down with any message that you receive, because you never know when you might become the target of cybercriminals.