Business losses from ransomware aren’t going away. In fact, the latest version of CryptoLocker, 3.0, is considered the most advanced and most damaging ransomware in the wild at the moment, and it’s targeting U.S. businesses and individuals.  We can all take action at our computers every day to help avoid ransomware.  Here’s how.

IT security awareness training firm KnowBe4 reports that the FBI, through its Internet Crime Complaint Center (IC3), released an alert on June 23, 2015 stating that between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. And that is only the reported part; the estimate is that actual infections are at least two or three times higher. Going by the reported incidents only, it’s a $70 million per year criminal enterprise, but in reality it looks more like $200 million, which is unbelievable.

Some quick math shows $18,145 in costs per victim, caused by network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. As you can see, the total cost of a ransomware infection goes well above just the ransom fee itself, which is usually around $500 but can go up to $10,000.

Here’s how ransomware gets in (the infection vectors), sorted by frequency:

  1.  Phishing email with infected attachment
  2.  Phishing email with malicious URL
  3.  User clicks on infected ad
  4.  User visits infected website

Let’s take a look at each one.

Phishing email with infected attachment

We’ve all been told hundreds of times NOT to click on attachments in emails from people we don’t recognize or that have strange file names.  But it can be so tempting.  Remember these tips:

  • Don’t open or preview email from people you don’t know.
  • Don’t open files you weren’t expecting.
  • Don’t open cryptically-named files unless they are specifically introduced.
  • Don’t unsubscribe from spam, just delete.
  • Never open requests for financial information, passwords, requests for help or offers of help.

In mid-July, the cheating site Ashley Madison was hacked and the hackers threatened to release embarrassing information on millions of users.  KnowBe4 reports that within days phishing emails were being sent to registered users with a link to find out if their personal data had been released.  Spammers, phishers and blackmailers will have a field day with this, and users are highly motivated to click.  Don’t.

Phishing email with malicious URL

This is where the entire web address is exposed for you to see.  Sometimes they’re easier to spot as malicious because they don’t make any sense.  Legitimate web addresses for companies include some form of the company name and often a logical string of words and numbers, such as dates.

For example, a link to a CRU blog post on protecting from ransomware looks like this:

Be suspicious if the URL includes words that don’t make sense and apparently random letters and numbers.   Otherwise, employ the same cautions as you would with an email attachment.
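
The two checks above (company name present, no random-looking strings) can also be automated, for example in a mail filter or when reviewing proxy logs. The sketch below is an added example, not code from this post or from CRU; the function names, the thresholds and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def looks_random(token, min_len=8, min_switches=3):
    """True for a long token that keeps switching between letters and digits."""
    if len(token) < min_len:
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(token, token[1:]))
    return switches >= min_switches

def url_warnings(url, expected_name):
    """Return a list of warnings for `url`; an empty list means no check fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no host in URL"]
    # Simplification (assumption): the last two labels are the registered domain.
    # Multi-part suffixes such as .co.uk need a public-suffix list instead.
    registered = ".".join(host.split(".")[-2:])
    warnings = []
    # The name must be in the registered domain itself; a company name that only
    # appears in a subdomain or in the path proves nothing about who owns the site.
    # A substring match is lenient: look-alike domains containing the name still pass.
    if expected_name.lower() not in registered:
        warnings.append(f"'{expected_name}' is not in the registered domain {registered}")
    # Split host, path and query into alphanumeric tokens. Plain words and dates
    # ("ransomware", "2015") pass; letter/digit jumbles are reported.
    for tok in re.split(r"[^A-Za-z0-9]+", f"{host}/{parts.path}?{parts.query}"):
        if looks_random(tok):
            warnings.append(f"random-looking token: {tok}")
    return warnings

# Constructed sample URLs on reserved example/invalid domains, not taken from the post.
SAMPLES = [
    "https://www.example.com/blog/2015/08/protecting-from-ransomware",
    "http://example.com.x7f9q2kz81bd4.invalid/a9b8c7d6e5/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, url_warnings(u, "example") or "no warnings")
```

A clean result only means neither check fired; letter-only gibberish and look-alike domains are not caught by these two rules.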

User clicks on infected ad

This can be hard to avoid. Infected ads (also called “malvertising”) are carefully designed to look legitimate, and unfortunately you won’t know until it’s too late.

We’ll talk in a future post about technology you can apply to your network to proactively block unsafe sites.  In the meantime, while it takes a few extra steps, if you’re interested in an ad it’s safer to do a Google search and go directly to the site rather than clicking through the ad.

User visits infected websites

Again, this one is trickier to avoid.  For known infected sites, search engines may alert you when you do a search.  If you see the warning, avoid the site.  Otherwise, avoid sites with offers that seem too good to be true, or that cover topic areas that are illegal, immoral or unethical.  Obviously, no process is fool-proof and legitimate sites are routinely hacked, but be smart when you’re searching online.

User education and action are key to avoiding ransomware.