Phishing, the art of stealing passwords and confidential information using trickery and gullibility, is a continuously evolving art. It can be very simple to very complex, but draws in enough victims to be highly profitable and something that is not going away anytime soon. Rather, it evolves into things like Cryptolocker, and we must stay ever vigilant to combat it.
Cryptolocker is a particularly nasty attack. Using the same methods as phishing, the goal is to trick the user into clicking (and thereby allowing access) on an attached executable file or visiting a malicious website. This malicious software then proceeds to encrypt the user’s data and subsequently blackmails them to pay up or lose everything. There is a time limit as well, which means that most users simply end up losing everything before they can seek help. The best plan of action though, is to spot and avoid the attack in the first place.
If you have been the victim of a cryptolocker attack, there is a recently launched website that can help. www.decryptcryptolocker.com from FireEye and Fox-IT has figured out the encryption used by cryptolocker and can give you the master decryption key.
That said, preventing the attack in the first place is the best protection. Here are five very important preventative steps you can take so that you never have to deal with the frustration of a phishing attack.
Five steps to avoid phishing attacks:
- Education — the first is the most important. Learn to pick out the phishing emails from the real emails. Know that emails can be made to look like they come from someone you know. NEVER trust an executable file that arrives as an attachment. If you didn’t specifically request an attachment from a sender, be suspicious of it.
- Update your antivirus program — this is not a hard thing to do. First, make sure you have some sort of antivirus software installed. Second, make sure it updates its pattern files regularly. Third, schedule scands to occur weekly.
- Check your accounts often — there is no harm into checking your bank accounts, personal data accounts, or whatever accounts you consider private as often as possible. Look for any suspicious activity that might indicate a compromise.
- Trust your gut — if you have any doubt at all about clicking on that link, don’t do it. If it’s asking you to log in to your bank account and you aren’t sure, go directly to your bank’s website instead. If all the logos and information looks correct, but something seems off (phishing attacks rarely use proper grammar for instance), don’t click it. The best medicine for avoiding phishing attacks is continued vigilance.
- Additional tips and markers of phishing attacks can be found at the Department of Homeland Security’s US-CERT website.
In the end, just like the cartoons of the 80s taught us, knowing is half the battle. Cryptolocker is a nasty, unfortunate evolution of phishing attacks. This is not a locker you want to be shoved into. With the right education and preventative methods, you can brush phishing attacks aside.