Alert: A clever new type of ransomware attack
David Thomas
Recently retired business owner. Watch this space for what's next (won't be IT)!!
Welcome to Bitesize Tech Advice.?My aim with these newsletters is to avoid boring tech talk and instead provide a mix of unique content and content from other providers, that will help keep you informed of technology developments that will help you and your business. Click Subscribe above to be notified of each edition.
It seems like we’re talking about cyber scams a lot at the moment; it's certainly an increasing topic of conversation within IT support companies who are seeing attacks on their clients. And now there’s another new trick you need to be aware of.
Cyber criminals are smart. They’re forever coming up with new ways to infiltrate your devices and networks to access your valuable data.
Fortunately, the defence weapons continue to get stronger and stronger to help keep you protected. Some email systems are now especially good at identifying malicious messages and threats.
But if your website has a contact form – and most do – you face a new threat. That’s because cyber criminals are using web forms to spread malware.
They pose as a potential new customer and ask you to provide them with a quote for your goods or services.
Once you email your reply to their request, they’ll send you over a special kind of file – known as an ISO file – which they say is relevant to your conversation. The best advice here is to not get too excited by the enquiry before you've checked that the contact actually exists.
Crucially, this file won’t be attached to the email. They’ll send it via a file-sharing service, such as WeTransfer. This is to help to avoid your email provider’s protection.
Think about the psychology of what’s happening here. Whoever in your business is managing this conversation thinks they’re talking to a prospective new customer, and is much more likely to open the files without thinking.
领英推荐
The fact the conversation started with a contact form lowers their natural scepticism. They just want the sale!
When you open the file, it will give the cyber criminals remote access to your device. And that can allow them to access your full network. They can then launch a malware or ransomware attack.
The latter is something you want to avoid at all costs. It’s where your data is encrypted so it’s useless to you. And you have to pay a large ransom fee to get it back… with no guarantees the payment will work.
Experts think this form of contact form attack was first tested on large businesses in December 2021. And believe it’s now becoming more popular.
It’s vital that you and your team check requests sent via your website are genuine. And never, ever open any files emailed over unless you trust the source 100%. Remember, think before you click.
If we can help keep your business protected or train your team on the big threats to be aware of, please contact us.?
Like this newsletter? Don't forget to "Subscribe" to get future Bitesize Tech Advice sent directly to you.?Comment below with your thoughts, and thank you for reading!
Published with permission from Your Tech Updates.
Proprietor at DT Procall
2 年Thanks for the info David. Always worth looking st later scams
Helping UKI Partners to build joint GTM propositions at Trend Micro
2 年Very glad to see you sharing your experience Dave! Regarding SMBs, I would wager that unfortunately a significant number don’t even realise they have been a victim of a cyber attack - contrary to popular belief, ransomware is dropped at the end of an attack, not the beginning. This issue is partly due to the global skills shortage in cyber, and so SMBs may not have the budget, proper processes or expertise to know what to look for. 99% of the time they will undoubtedly have blind spots in their environment that are letting them, their supply chain and their customers down.