Never open attachment from suspicious email
Everyone who has e-mail addresses experiences unexpected messages sooner or later.
Usually these spam emails are just newsletters or some other form of unwanted advertisement, but not every spam is harmless. Numerous phishing campaigns are distributed via email, and same goes for viruses, trojans and in recent years ransomware.
You should always take extra attention when dealing with suspicious e-mails from unknown senders and especially if they contain attachment that supposedly contains something you need to see.
Do not rely on spam filters, a lot of harmful emails may actually pass filters, that is until enough people flag them as spam.
This article covers some of the basics about potential dangers of email attachment and be aware of the latest computer threats that may compromise your computer, or even mobile device.
Why are unknown email attachments potentially dangerous?
The answer to this question is actually quite simple, because they can easily be something else, for example viruses or malware that will infect your computer when you open the attachments.
What may seem as a .pdf document or .jpg picture, can easily be JavaScript file with it's suffix renamed.
In this scenario, when you open the attachment, the script will launch and do its infernal work in your computer. A simple click may ruin your whole computer and your data.
Locky ransomware email spam
The above picture is a spam email that distributes Locky ransomware. Notice that the attachment looks like MS Word document, but in reality is a Java Script that infects your computer. That's why when dealing with your e-mails, the golden rule should always be:
!!! NEVER OPEN E-MAIL ATTACHMENTS FROM UNKNOWN SENDERS, NEVER !!!
This also means that users that have their file extensions hidden by default are the most vulnerable, simply because with the real extension obscured, such users are easy prey for distributors of spam emails with dangerous attachment.
We have covered the topic about showing / hiding file extensions in Windows in another of our of articles called Show and hide file extension in Windows 10.
Even if you think that your anti-virus will protect you, it is unlikely it will catch some of the latest ransomware campaigns. Never heard of ransomware before? Well, lucky you.
What is ransomware and how does it work?
Ransomware is one of the latest trends in malware. When executed on user's computer, ransomware typically encrypts and renames any useful data found on the computers, mainly documents and photographs, however the list of affected file type is usually very broad and specific for each ransomware.
Nowadays, dozens of ransomware exist and all of them work in pretty much same way. The malware encrypts your files via JavaScript, then the authors "offer" you a way to buy the decryption key, so you can recover your files. The cost is usually in Bitcoins (BTC) to make it impossible to track down the authors (criminals really).
Some sort of information window appears on affected computer with instructions how to pay for the key (ransom) and in some cases there is also time limit before the key will be destroyed and it will be impossible to recover the data.
Example Locky information window
How is ransomware distributed?
The main way of ransomware distribution is through spam e-mail messages with file attachment.
The attachments typically look like a PDF or MS Word document, picture or a ZIP archive that supposedly contains some invoice or some other document for the recipient.
Authors of ransomware e-mails often try to mimic standard semi-legit e-mails send by banks, delivery services, web stores to fool users into opening them. These scam emails are usually send in waves, when a new strain of ransomware appears a new series of e-mails is distributed. That's why they often pass spam filters in e-mails clients, which makes the appear more legit.
That's why giving extra attention to your email attachments is even more crucial now, because a simple click may destroy all your photos or work documents.
How to protect from ransomware?
Let's repeat once again what was said before, do not open email attachments from suspicions emails. This alone will protect you from vast majority of ransomware.
Except for that, having anti-virus never hurts and if you regularly backup your data, you should be more or less prepared for any unexpected ransomware visit.
What to when my computer gets infected by ransomware?
The very first thing you should do, is to determine what kind of ransomware affected your computer, because that will dictate how you will proceed to restore your computer / files.
Most ransomware use unique file suffixes for the encrypted files, so they are pretty identified. However, there most recent trend is to remove the suffix altogether, which can make identification somewhat harder for inexperienced computer users.
We try to keep our ransomware file type collection updated, so it's always worth checking. Once you know the type of ransomware, you have to look for decryptor - if it exists. Yes, IF, because for a lot of the ransomware a decryptor simply does not exist.
Some dedicated websites such as BleepingComputer can give you useful information and links for each particular ransomware. The website even has forum section for users affected by ransomware, so definitely worth checking, if you happen to be a victim of ransomware.
But safe to say, it's not that easy to get rid of ransomware and restore your files, especially if you do not backup your data. Hence another important lesson:
!!! ALWAYS BACKUP YOUR IMPORTANT DATA, ALWAYS !!!
