As you might expect, a dodgy phishing email is the crooks’ method-of-choice for getting their harmful software on to your machine — while the message appears to come from update@microsoft.com, it most certainly doesn’t, and the attached installer should be avoided at all costs. Don’t let the promise of a free upgrade tempt you if an email like the one below should happen to hit your inbox.
If you are foolhardy enough to install the attachment, you’ll be met with a chilling message saying your files have been encrypted and you’ll need to pay cold, hard cash to get them unlocked again. This type of ransomware is often used by scammers to force people to stump up money in order to get their valuable data back. There’s no easy way around a malware program like this once it’s taken hold, so prevention is much better than cure.
“Adversaries are always looking to leverage current events to get users to install their malicious payloads,” reports the Talos Group at Cisco. “This is another example, which highlights the fact that technology upgrades can also be used for malicious purposes.”
The firm recommends making sure all your important files are backed up and stored somewhere off-site just in case a malware attack gets through your PC’s defenses. This is actually good practice to combat all kinds of potential problems, from your computer room getting flooded to your kids accidentally deleting data they shouldn’t have access to.
