By Mike Sullivan
Courtesy to The Bellingham Business Journal
Black Friday and Cyber Monday continue to be huge shopping spectacles. Brick and mortar stores are now opening on Thanksgiving Day, and Cyber Monday deals are extending through the following week. As these holiday shopping deals begin to appear, more and more people are shopping online. This puts them at risk to find more than just holiday deals on the web – many will fall victim to holiday malware.
It’s no secret that malware is a growing concern for corporate networks, and increased non-business traffic during the holiday shopping season can compound the issue. The result creates an ideal environment for email and web-based phishing attacks that lead directly to malware.
Some of the most successful attacks come from fake FedEx and UPS emails, which will probably be more prevalent during this holiday season. We’ve all seen the emails: “Your package has shipped. Click here to for tracking information.” Only, the link doesn’t lead to FedEx or UPS – it leads to malicious malware. These email phishing attempts are prevalent enough that FedEx and UPS both now offer samples of the latest attacks for consumer awareness.
The most damaging of the malware received in these emails is Cryptowall. Cryptowall takes down entire networks by encrypting files and then demanding a ransom be paid to have them unencrypted. It may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The attacker may demand hundreds of US dollars in payment and the amount may increase after a specified time period. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.
Users can take steps to protect themselves and their data against Cryptowall and other malware by following these steps:
● Have current backups of your data. This is perhaps the most important aspect of protection. If your files are infected, you will not be able to get them back unless you have backups to restore them from.
● Use a business-class firewall to protect your network from attack. Devices like WatchGuard XTM firewalls have protection from advanced malware and zero day threats.
● Use an antivirus and make sure it’s up to date. These can help defend against ransomware as it blocks suspicious links and attachments in email messages.
● Be careful where you click. Even if you are expecting packages, be wary of any email that directs you to a link where you have to download anything.