Ransomware on the Internet is now at a critical juncture

by | Mar 30, 2016 | Security

Nobody is safe from ransomware on the Internet

Due to the recent increase in the amount of ransomware on the Internet, our network security partner, Network Box, has raised its alert level to 4. So, what exactly does that mean?

Ransomware on the Internet is everywhere. Currently, there is serious malicious activity affecting Internet services globally.

New variations of delivery mechanisms for this ransomware are popping up every few hours. Most arrive via eMail, using trojan downloaders to fetch the actual malware over HTTP/HTTPS, but be forewarned that techniques such as ad network compromise on popular HTTP/HTTPS websites are also being used.

Two new variants appeared last night, using .js (JavaScript) files enclosed in a .zip file, as an attachment to an eMail.

That said, please check your box configurations immediately and follow these tips from our partner.

1. The majority of this ransomware is coming in as trojan downloaders, or links, in eMails. The eMail attachment contains just a downloader, and the malware itself is downloaded using the HTTP or HTTPS protocols. Accordingly, please ensure that both eMail and web traffic are scanned.

2. Because this and other malware commonly uses the SSL-encrypted HTTPS protocol, please also ensure you are using HTTPS scanning for desktop workstations and servers. If you are still running NBRS-3, arrange for an upgrade to NBRS-5 as soon as possible, so as to be able to protect your HTTPS traffic.

3. We recommend that you block executable attachments for incoming eMail. Both NBRS-3 and NBRS-5 can do this, either by simple extension block or by smart content recognition. The ‘.js’ extension (JavaScript) should, in particular, be blocked as an eMail attachment. The NBRS-5 platform offers additional heuristics for detection of executable code in eMail messages, via its ‘exe’ classification.

4. Often, eMail messages containing broken malware fragments will be blocked as spam. That is expected, and an effective anti-spam policy (quarantine spam messages on the box) should be enforced.

5. This is a good time to remind users NOT to open attachments in incoming eMails, even if that eMail says it is from someone they know. We suggest rechecking and reconfirming with the sender, if you are not 100% confident. Be suspicious, and be vigilant.
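
The simple extension block from tip 3, applied to the ".js inside a .zip" delivery described above, as an added example (not Network Box's code and not part of the original post). The blocklist, the limits, the function names and the sample message are all assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed values for this example; ".js" is the extension the tips single out.
BLOCKED = {".js", ".jse", ".vbs", ".wsf", ".exe", ".scr"}
MAX_DEPTH = 3             # stop unpacking deeply nested archives
MAX_BYTES = 20 * 2**20    # do not inflate archive members larger than this


def _blocked(name):
    # Windows drops trailing dots and spaces, so "a.js." still opens as .js
    return PurePosixPath(name.lower().rstrip(". ")).suffix in BLOCKED


def _scan(name, data, depth=0):
    """Yield the path of each blocked file, descending into zip archives."""
    if _blocked(name):
        yield name
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Encrypted or oversized members are judged by name only.
            skip = info.flag_bits & 0x1 or info.file_size > MAX_BYTES
            inner = b"" if skip else zf.read(info)
            yield from _scan(f"{name}!{info.filename}", inner, depth + 1)


def blocked_attachments(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        hits.extend(_scan(part.get_filename() or "(unnamed)", data))
    return hits


def sample_message():
    """Constructed sample: a harmless placeholder .js inside invoice.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_4471.js", "// placeholder, not real malware\n")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

This covers only the extension-block half of tip 3; content recognition of executable code is not modeled here.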

Malware on the Internet is everywhere right now. Please be safe and contact us if you need any assistance protecting your network.


Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications—including branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!