Ransomware groups are on the prowl, could you be their next target?

Two new ransomware groups targeted public CEOs and telemedicine groups.

by John Curtis and Kurt Knutsson

If malware and viruses weren’t enough to worry about, everyday people continue to be subjected to ransomware: software, often delivered through an email or a contaminated app, that blocks access to networks, systems and files until a sum of money, usually around $300 or so, is paid. More often than not, the ransom note includes a threat of blackmail.

Recently two ransomware groups went straight for the top, targeting CEOs in public companies, and employees in telemedicine.

Incriminating evidence

First spotted this past August, Venus is a ransomware group reported by the U.S. Department of Health and Human Services to be targeting healthcare organizations.

However, after reportedly having some trouble getting paid, Venus has since shifted to targeting CEOs of public companies, framing them for insider trading by carefully manipulating their emails and turning them into incriminating messages.

Targeting the meek and mighty

Meanwhile, another ransomware group known as CLOP has continued to target healthcare professionals, by sending them malware disguised as ultrasound images or medical documents.

CLOP even went a step further, this time by blackmailing the clients of its ransomware victims, urging them to tell the victims to pay up or their personal information will be leaked to the dark web. Reports have shown that members of CLOP were part of a longstanding malware group called TA505, known for frequently changing its malware and influencing trends.

 

How to deal with ransomware

Unfortunately, it’s not only the rich and powerful who find themselves saddled with ransomware. It could sadly happen to any of us. Should you find yourself being told to “pay up, or else”, fear not: it is more than likely that you won’t need to pay a cent.

 

Determine what kind of ransomware you have

Fake Ransomware

If you come upon a ransom note but can still access your files and applications, then you probably weren’t hit by real ransomware and have little to worry about. For good measure, though, it is wise to force quit all programs, restart your computer, and run any anti-virus software.

Screen-locking ransomware

You have screen-locking ransomware if you can’t get past the ransom note, or you receive a notice claiming to be from the police, IRS, or FBI and saying you owe them money. Screen-locking ransomware isn’t as bad as it could be, as long as you follow these steps.

  • Go offline before the ransomware can spread, and disconnect your machine from any external hard drives or other devices.
  • Take a screenshot or photo of the ransom note to give to the police.
  • Reboot your computer in “safe mode”; once it restarts, run antivirus software.

Encrypted Ransomware

If you are having trouble accessing any of your files or downloads, then you have likely been hit with encrypting ransomware, which could pose a more serious problem. Should this happen, follow the above steps as if it were screen-locking ransomware, and then:

  • See if you can open or recover any files which you couldn’t earlier.
  • Use a program like Crypto Sheriff to try to determine what kind of ransomware you are dealing with.
  • Run any decryption tools you might have.
  • Restore all files from your most recent backup.

 

How to avoid ransomware

Generally speaking, a bit of common sense will protect you from ransomware more than anything else, as the best ways to avoid becoming a victim are:

 

Should I pay the ransom?

This is, in fact, a rather difficult question.

If the ransom note seemed to be fake, or you were hit with screen-locking ransomware, most would say no, since these are easily flagged as feeble attempts to con you.

In the case of encrypted files, however, it can be a little more complicated. The crooks will likely unlock the files after payment. However, that is in no way a guarantee. Even if the ransom amount is not something that will put you in financial ruin, you will still be enabling the hackers by paying them. This is why most tech companies, not to mention law enforcement, strongly advise against paying.

Be sure to pass along this information to anyone older you love, and look out for other scams that are on the rise.

 
