93% Of Phishing Emails Are Now Ransomware (csoonline.com)
According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers underscore a growing trend in the security space as ransomware instances in phishing emails grew by 56% since December last year. From a report: The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January. The skyrocketing growth is due to the fact that ransomware is getting easier and easier to send and that it offers a quick and easy return on investment. Other types of cyberattacks typically take more work to monetize. Stolen credit card numbers have to be sold and used before the cards are canceled, for example. Identity theft takes even more of a time commitment.
Re: (Score:3)
The legal system hasn't caught up with them.
It should be a capital penalty on some of those crimes, especially when it comes to ID theft for profit.
Re: (Score:2)
We don't need any penalties at all for this. If people would stop running Windows, this wouldn't be a problem.
Re: (Score:2)
Scammers and fraudsters don't care about operating system, they just want to get your money.
Re: (Score:1)
And if people would stop crossing the street, they wouldn't get run over by a drunk driver. It doesn't make the offender any less guilty for knowingly breaking the law.
Re: (Score:3)
Re: (Score:2)
Or technology. Ransomware doesn't need admin privs to be effective, all it needs to do is encrypt every file you have write access to. It will work just as well on Linux(*) as on Windows.
* Excepting possibly an isolation system like QubesOS, again excepting VM escape exploits.
Re: (Score:3)
If the virus will be able to penetrate their [Windows] system, they can quickly gain access to important parts of the system. On the other hand, in Linux, they have a lower access rights, and, theoretically, the virus can only access local files and folders, the system will remain safe.
Data is more important than the system - the system can be restored. We are talking about data encryption here.
Re: (Score:2)
And how exactly do you get malware to run on a Linux computer?
"Please download this attachment, then open up a terminal window, use 'chmod' to change the permissions to 755, then run the program by typing './runmalware.sh'"
Sorry, but anyone dumb enough to run random software from an email from a sender they don't know is not going to have a clue about how to make a downloaded file executable.
Re: (Score:2)
Re: (Score:3)
Seriously?
If anything, it would be easier to encrypt files in Linux because the attackers don't need to bring all the tools with them.
If everyone running Windows today switched to Linux, you can bet that the malware people would rejoice since the very utilitarian nature of Linux would then be working in their favor.
Re: (Score:2)
They could quite literally replace their comparably huge payloads with a very small script...
Re: (Score:2)
They'd still need to get their key on the target machine so they'd still need more than just a script.... but once they did...call up gpg using THEIR gpgdir. Probably something like this, but most likely my syntax is wrong:
for x in *; do
gpg --homedir rodinamafiyaphishgpg -r rodinamafiyaphishgpg@yandex.ru --passphrase correcthorsebatterystaple -o $x.pgp -e $x
done
Re: (Score:2)
Nope. Works just as fine in Linux or Mac.
Why?
For the same reason it works so great on Windows. You need the permissions of the current user to manipulate (read: encrypt) all his files. Anything beyond, like wedging a resident part into your boot routine, is just icing on the cake, but not really mandatory for the attack to succeed.
Re: (Score:2)
We don't need any penalties at all for this. If people would stop running Windows, this wouldn't be a problem.
No. Phishing is operating system agnostic. You can receive fake emails on linux (I get them almost every day), windows, osx, ios, Android, etc. Every operating system has email clients that allow you to click on links in an email to be lured to a fake website, or reply to emails with personal information.
The problem is, the ransomware emails are not phishing. They are simply booby-trapped email. Phishing means you are trying to hook a victim into revealing usable information by either replying to the email
Re: (Score:2)
Yeah, I wasn't talking about phishing, I was talking about ransomware only. And yes, it would be eliminated by using Linux. No, it wouldn't be replaced, unless some company were stupid enough to create and popularize an email client that automatically executes code contained in an email attachment (or downloaded from a site pointed to by the email), and people were stupid enough to use this client in ridiculously huge numbers.
Re:Its a shame (Score:4, Informative)
One of the problems is jurisdiction. When the police were investigating my identity being stolen (used to open a credit card in my name, not related to phishing/ransomware), they told me that they weren't highly motivated to put in a lot of effort because they'd likely have to hand the case to another department to make the arrest. In their minds, they were asking why do the work when someone else would get the collar. Then there are international cases where the victim is in the US but the phisher is in Ukraine or some other country out of the reach of normal US law enforcement. As long as the phisher doesn't hit too big of a target (e.g. a major US government agency or Fortune 500 company), they will likely fly under the radar of law enforcement and/or pleas to local law enforcement will be made but they will not result in arrests (either due to corruption or lack of interest in pursuing these cases due to the victims being from another country).
Re: (Score:2)
The legal system hasn't caught up with them.
It should be a capital penalty on some of those crimes, especially when it comes to ID theft for profit.
Before the terrifying prospect of punishment is going to make a difference you have to first increase the prospect of actually being caught. Otherwise the threat of punishment is just whining.
Re: (Score:2)
And the lack of penalties as well. If the risk of stealing would mean that you lost your head literally you would be a lot more careful.
Re: (Score:2)
Nope. A lack of a chance of being caught is the problem. Not the punishment afterwards.
There are crimes that are virtually unheard of. Despite carrying rather minor penalties. How many people do you see jaywalking in the vicinity of areas with a lot of police presence? The penalty isn't that crippling, but it's almost certain that you will get caught and it's just not worth it. Same for speeding in areas where you KNOW that there is either a police presence or a radar box waiting for you.
Now compare this to
Re: (Score:2)
Make the punishment for considering thinking about aiding in any kind of computer crime an offense that gets as the ONLY and MANDATORY kind of punishment being hung, drawn and quartered live on national TV. And you will not even see a dent in those statistics.
Why?
Because people who live in a country the name of which ends in -stan don't give half a shit about what laws your country has.
Re:Its a shame (Score:4, Funny)
we can't put as much effort into catching these fraudsters as we put into catching underwear bombers.
The bombers come to you, all you have to do is grab their junk.
Re: (Score:1)
we can't put as much effort into catching these fraudsters as we put into catching underwear bombers.
But there have been more of the fraudsters caught than the TSA has caught underwear bombers. So at least the effort has been more effective.
I have a solution to this (Score:4, Funny)
Re: (Score:2)
Yeah, there's a really easy technical solution: stop running Windows!
Re: Technical solution (Score:3, Insightful)
Windows has nothing to do with the problem other than being the prevalent OS. Windows had UAC which should help prevent these types of issues but ransomware operates on the user's directories so it has permission to modify files. Mac OSx would allow the same. Linux also... You don't need root to house up a user's files.
The basic problem is that you can't fix stupid.
Re: (Score:2)
Re: (Score:2)
Unix systems (Linux, OSX, etc.) are much more secure and require direct user intervention before much damage can be done. That's why you only see these infections on Windows. Really, Windows is a security nightmare and can't be fixed.
And what's our suggestion to friends and family? (Score:4, Interesting)
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
By that point it will be late to tell her "shouldn't have been storing them in a disk permanently attached to your windows laptop".
But I don't know how to stop her. I won't convince her to use linux. I won't manage to teach her not to execute random crap once per year.
Should I trust hard drives to store data for decades?
Re: (Score:2)
Have good, versioned backups. I like CrashPlan, as one can use it to backup to various destinations, including local systems/disks, remote systems associated with one's account, remote systems belonging to others (so long as they give permission), and for paid users, to the CrashPlan-run storage service.
All backups are encrypted so that the destinations cannot access one's data, it keeps regular versions so one can easily recover from a ransomware (or other) infection that corrupts or destroys files slowly
Re: (Score:2)
The trouble with that is, after remembering a couple of times the job will then be forgotten.
Whatever it is, it has to be automated.
Re: (Score:2)
Carbonite.
Yeah, I could manually back up everything onto a separate hard drive every month or something, but Carbonite (and similar backup solutions which I'm sure exist) you just install it, and everything's backed up continuously. With versioning, even, so you can get last week's version back if you get cryptowalled.
It's not the most elegant and techy solution, but it's a 'fire and forget' solution that just works.
Re: (Score:3)
Our suggestion is that they make backups of their valuable data... and since that may not be something they are confident/knowledgeable enough to do on their own, if you want to make sure it gets done, you may need to set it up (and occasionally check up on it) yourself.
On Mac, setting up a Time Machine backup drive is pretty trivial to do. For Windows, similar solutions exist. For a laptop, there are solutions that back up data via WiFi, if plugging in an external drive is too much bother. In either case
Re: (Score:2)
And the backup needs to be done in a way that guarantees prophylaxis from the ransomware.
I think from now on, when visiting parents and sisters I'll bring a usb bootable linux and a hard drive that I'll take back with me.
I predict much debate over what's "Important to keep".
Re: (Score:2)
I predict much debate over what's "Important to keep".
I find that debate can be avoided by spending the extra $20 to get the Absurdly Huge External Drive (rather than just the Impressively Huge model). Then you can just back up everything and call it a day.
Re:And what's our suggestion to friends and family (Score:4, Informative)
Re: (Score:2)
For some people education works. My father called me when "Windows" (not Microsoft) called him telling him he had errors on his system and they wanted to remote in to fix them. I informed him of the scam and he avoided being hooked. (Now he harasses the scammers calling him.)
For others, education doesn't work. My wife's grandmother still clicks on suspicious links in Facebook because "Well, it was on my friend's wall and said I'd get this free stuff so it must be good, right?" This despite a dozen "No
Re:And what's our suggestion to friends and family (Score:4, Funny)
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
By that point it will be late to tell her "shouldn't have been storing them in a disk permanently attached to your windows laptop".
But I don't know how to stop her. I won't convince her to use linux. I won't manage to teach her not to execute random crap once per year.
Should I trust hard drives to store data for decades?
Just go ahead and delete it all now, that way no harm can come to the files.
Re: (Score:2)
Tell her now, with current news articles in hand, that this is the risk you run by using Windows. If she won't listen and move to Linux, then too bad: she was warned.
Re: (Score:2)
I had the same problem with my father.
What I did was to arrange for all his files to be rsynced daily to one of my servers, which in its turn was backed up nightly.
We had a couple of instances of him accidentally deleting stuff and I was able to restore it for him easily. Happily he never got hit with any malicious software - not after I weaned him off Windows anyway.
Re: (Score:2)
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
Yup, this is a real, justified fear.
It's wise to not attempt to switch her to Linux -- she'd probably fight that (it's too different for most people without any real benefits for what they do), and it's not really a solution to the problem anyways.
Probably the best answer to this is to buy her a big USB hard drive and set up some sort of backup that she can run just by clicking on something, and drill into her head how important it is to 1) do the backup occasionally, and 2) leave the drive off when you're
Re: (Score:2)
Apparently many of these malwares also encrypt data on attached volumes like Windows shares and the like. It seems to me that the best approach is a 'pull' solution, where Mom keeps her photos in a place that's shared on her network, and then another machine does periodic backups of that share. Mom's computer doesn't have write access to the pulling machine, in fact doesn't even know or care that it's there. So the backups are safe.
That means having a linux machine in the house to do the pulling. Build
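The 'pull' arrangement described in the comment above, combined with the versioned backups recommended earlier in the thread, sketched as an added example that is not part of any poster's comment. It assumes the share is mounted read-only on the backup machine and that snapshot names sort chronologically (dates, for instance); `pull_snapshot` and the 50% threshold are hypothetical names and values chosen for illustration.

```python
import hashlib
import os
import shutil
from pathlib import Path


def sha256_of(path):
    """Content hash, so a rewritten file is detected even if size and mtime match."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def tree(root):
    """Map relative path -> absolute path for every regular file under root."""
    return {p.relative_to(root): p for p in root.rglob("*")
            if p.is_file() and not p.is_symlink()}


def pull_snapshot(share, backup_root, name, max_changed=0.5):
    """Run on the backup host: copy `share` into backup_root/name.

    Unchanged files are hard-linked to the previous snapshot, so each
    snapshot is a complete tree but only changed files use new space.
    Returns (fraction of previously backed-up files that were rewritten,
    renamed or deleted, whether that exceeds max_changed).
    """
    share, backup_root = Path(share), Path(backup_root)
    backup_root.mkdir(parents=True, exist_ok=True)
    older = sorted(p for p in backup_root.iterdir() if p.is_dir())
    prev_files = tree(older[-1]) if older else {}
    dest = backup_root / name
    dest.mkdir()  # fails if the snapshot exists: old snapshots are never overwritten
    unchanged = 0
    for rel, src in tree(share).items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        old = prev_files.get(rel)
        if old is not None and sha256_of(old) == sha256_of(src):
            os.link(old, target)       # same content: share storage with last snapshot
            unchanged += 1
        else:
            shutil.copy2(src, target)  # new or modified: store a fresh copy
    lost = len(prev_files) - unchanged
    fraction = lost / len(prev_files) if prev_files else 0.0
    # A mass rewrite/rename is what file-encrypting malware looks like from here:
    # on a suspicious run, alert and stop pruning older snapshots.
    return fraction, fraction > max_changed
```

Because the backup host initiates every copy, the protected computer holds no credentials for the backup store, and a run that reports a high changed fraction still leaves every earlier snapshot intact.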
What percentage target Windows vs. Mac. Linux? (Score:1)
Re: (Score:2)
Yes, but only because people use predominantly Windows. If they used Linux, we'd probably get to see a lot of phishing mails that hope for people who run shell scripts that look like PDF files...
Good ol' capitalism (Score:2)
Are you honestly complaining that they noticed that nobody falls for 419 scams and penis enlargement anymore and instead of wanting a government bailout to prop up their failed business they went to a more profitable venue?
What is wrong with you, are you commies or what?
What average home users need! (Score:2)
Imagine an external drive connected to the laptop/PC via USB (Thunderbolt, etc). Minimum double bay set at RAID-1. Owner can read and write to the drive. Attempts to delete or modify files or folders on the drive will fail though. A physical, hardware lock needs to be "turned" to enable that capability.
This would prevent ransomware (of that drive's data anyways). It would also help prevent accidental deletes of files.
Does such a unicorn exist? I'm not looking for some half-baked alternative.
Re: (Score:2)
The answer is called "archives." It's different from backups. I'm working on a script to use xorriso to write only my changed files to BD-R[E], after an initial full write of all my important data (self-created data, financial records, important email dirs, all amounting to only 4-5 GB).
I can even run this several times per hour when doing high value work, such as electronics design/embedded software engineering. The overhead is small, a few MB per session, just to write out a few changed files and a ne
Guaranteed no phishing -- Click here! (Score:2)