
User tips to avoid being hit by cryptolocker attacks: Common mistakes that lead to virus infection

Posted August 18, 2016

Understand how your staff usually respond to virus attacks and know how they play a crucial role in your business IT security.

By Daniel Clark, Information Systems Manager: Construction & Mining industries

After dealing with many virus attacks and solving them on our clients’ behalf, I have realised some similarities in how users respond to the attacks targeted at their companies. This article aims to help your business understand how viruses make their way into your network and to demonstrate how your staff play a crucial role in IT security.

Believe it or not, the situation below happens more often than you think:

Step 1: A user receives an email from an unknown source and opens the attachment.


Step 2: The email looked legit but the end user admits they did not know the sender.


RESULT: This is exactly how easy it is for a Crypto virus to be let into your network.

Crypto viruses and their derivatives are the hardest viruses to combat because the means that the perpetrators use to get past antivirus scanners change all the time. Basically, they prey on the innocence of the end user. The only real way to stay on top of a potential outbreak is to have end users who are aware of how these viruses are spread and who are vigilant when opening links or attachments in emails.

There are checks to be made when opening emails and ways to clear uncertainties… Here are the main questions to ask when identifying and avoiding harmful emails:

  • Do I know the sender?
  • Do I know the company the sender represents?
  • Do I have a reason for this sender or the company to be sending me an email?
  • Do I really need to go to that link that is in that email?
  • Is there any real reason for me to open that attachment?

If the answer to ANY of those questions is NO, then you shouldn’t be opening links and attachments within the email. As simple as that!
If you are unsure or accidentally opened a link or an attachment in a suspect email, contact Bremmar straight away (or your service provider) for advice. As I like to say to my clients: “I would much rather spend 5 minutes with an end user looking at a suspect email than 4+ hours restoring data and removing a crypto variant.”

Here are some examples of virus emails that can trick you:

  • Invoice – Balance due
  • AusPost – Redeem parcel
  • QuickBooks payment
  • Payment receipt

Can you tell if an email contains a virus when you receive it? What should you look for?

Using the email mentioned above, Invoice – Balance due, you could assume the below:

  1. The attachment looks like a legit document; however, when you open it, nothing happens. It is easy enough to fool people into opening it unless they are vigilant.
  2. The sender’s address is not a normal email address, i.e. if you receive an email with a “.de” on the end it means it has come from Denmark and not “.au” as most emails for your business would be. So you would have to ask yourself: “Do I deal with anyone or need to deal with anyone in Denmark?”. Also, if you receive an email from AusPost and the sender’s email is something completely different to @auspost.com.au, or is a variation of it, there’s something wrong!
  3. Finally, some introductions are generic and not addressed specifically to you, such as “Dear porthedland”, which is not grammatically correct. These sorts of emails are generally bulk sent from foreign countries and will often contain spelling or grammatical mistakes. However, this may not always be the case in future iterations as the senders get smarter.
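For IT staff who want to apply the sender and greeting checks above to a mailbox automatically, here is a small triage sketch. It is an added example, not Bremmar's tooling; the function names, the expected ".au" suffix setting, the brand-to-domain map and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this example, not taken from the article:
EXPECTED_TLD = ".au"                            # where the business's mail normally comes from
BRAND_DOMAINS = {"auspost": "auspost.com.au"}   # brand keyword -> genuine sending domain

def triage(raw_message):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Sender address ends in an unexpected country code.
    if not domain.endswith(EXPECTED_TLD):
        findings.append(f"sender domain {domain} is not under {EXPECTED_TLD}")
    # A brand is named in the display name or subject, but the mail is not from its domain.
    claimed = f"{display} {msg['Subject'] or ''}".lower().replace(" ", "")
    for brand, real in BRAND_DOMAINS.items():
        if brand in claimed and domain != real and not domain.endswith("." + real):
            findings.append(f"claims to be {brand} but was sent from {domain}")
    # Greeting is built from the mailbox name instead of a person's name.
    local = parseaddr(msg["To"] or "")[1].partition("@")[0].lower()
    body = msg.get_body(preferencelist=("plain",))
    if local and body and f"dear {local}" in body.get_content().lower():
        findings.append(f"generic greeting: Dear {local}")
    # An attachment on a message that already failed a check should stay closed.
    if findings and any(part.get_filename() for part in msg.iter_attachments()):
        findings.append("has an attachment: do not open")
    return findings

def sample(sender, subject, body, attach=False):
    m = EmailMessage()  # constructed test message addressed to a shared mailbox
    m["From"], m["To"], m["Subject"] = sender, "porthedland@example.com.au", subject
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="invoice.doc")
    return m.as_string()

SUSPECT = sample('"AusPost Delivery" <notice@auspost-parcels.example.de>',
                 "AusPost - Redeem parcel", "Dear porthedland,\nYour parcel is waiting.", True)
LEGIT = sample("Jane Smith <jane@supplier.example.com.au>",
               "Site meeting Thursday", "Hi Sam,\nSee you at 9.")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, triage(raw))
```

A clean result only means none of these specific signs were present; the questions listed earlier still apply to every message.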

The last and most important advice is: Please notify and educate all your staff not to open attachments in emails from senders they do not know, nor should they click on any links that may be in emails sent by people they do not know.
To help you out, we have created a sheet which you can print or forward to your staff with the main questions to ask when opening an email and traits of virus emails to look for. Click here, print this information and paste it on your notice board, or share it with your staff.

If you’d like some guidance to protect your business infrastructure, or would like us to review how secure your systems are, call Bremmar today on 1300 991 351, or email help@bremmar.com.au for a free, no-obligation consultation.


As a Client Information Systems Manager, I’m the go-to person for the Construction and Mining industries and help businesses of all sizes transform their digital capabilities and modernise their workplaces, using a targeted and industry-specific approach.
