Two of the biggest cyber-security threats in the world right now have to be email phishing scams and ransomware incursions. Email phishing scams are cyber-attacks which masquerade as email messages from trustworthy sources in order to incite victims to give up access to their system, passwords or other sensitive data. Ransomware, meanwhile, is a particularly nasty kind of malware which takes control of a victim’s system by encrypting their data and demands that a ransom be paid in order to return that control.
Here at Prosyn we always do our best to help small businesses do everything they can to improve their cyber-security and defend against threats such as those represented by email phishing and ransomware attacks. With that in mind, we believe that it is crucial for all businesses to quickly learn all they can about a new threat that emerged this week, which combines the elements of both an email phishing scam and a ransomware incursion. Forewarned, after all, is forearmed, and that is certainly the case when it comes to this sophisticated ‘Maktub’ threat.
Earlier this week, a BBC radio program discussed a new email phishing scam that a number of companies and individuals – including one of their own reporters – had come across. As a result of that radio broadcast, Andrew Brandt, an employee of a US-based network and security company, revealed that the scam also had a ransomware element.
The official-looking emails inform the unlucky recipient that they apparently owe significant amounts of money to a number of different UK businesses and charities, and provide a link to click in order to print an invoice. If they click this link, the ransomware known as ‘Maktub’ takes control of their system, and as Brandt explained to the BBC, it all happens in the blink of an eye:
‘It’s incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive – it happens in seconds…This is the desktop version of a smash and grab – they want a quick payoff.’
The Maktub ransomware then presents the user with its demanded ransom for returning control of their system and increases that demand over time. Initially, the ‘fee’ stands at 1.4 bitcoins (approximately $580) for payment within three days and then increases incrementally in three-day segments. The rapid nature and increasing ransom of the Maktub threat, however, aren’t its only sophisticated elements.
The element which arguably makes this particular threat most sophisticated, and potentially easy to fall for, is the fact that, as well as the victim’s name, the emails sent out also tend to include their postal address.
This is almost unheard of when it comes to email phishing scams and gives the messages an extra layer of credibility which induces many more people to click the dangerous link included. Since the threat was identified, investigations have found the postal addresses in the messages to be disturbingly accurate but have as yet not identified how the scammers got hold of them. It has been speculated, however, that data may have been stolen from or leaked by an online database.
It is always recommended that you are careful and cautious when it comes to any unusual emails. In this case specifically, if you receive a message of the type described above, you should under no circumstances click an embedded link. If you need any further advice regarding cyber-security or your IT systems in general, do not hesitate to contact Prosyn today.