Are Cloud email providers really secure from Ransomware?

2018-11-23T11:53:14+00:00July 2nd, 2018|
In our previous article on Phishing attacks, we took you through the process of identifying the red flags of a Phishing attack and how to make sure you don’t fall for the scam.

Whereas, that article focused on the process of a phishing attack itself, this article will focus on a new ransomware created by “white-hat hackers” called Ransom Cloud 0365.

This new attack uses phishing attacks to steal your email login credentials and release ransomware onto your account. This will then encrypt all your emails until a ransom is paid.

ransomware

This new ransomware will either target you one of two ways:

It will either be a MASS Phishing attack or an Orientated Phishing attack.

A Mass Phishing attack:

A Mass (Spam) attack is an impersonal email sent to lots of recipients, with no real target and depends completely on chance to achieve their goal of gaining access.

This attack isn’t targeted and tends to be easier to spot as there are no personal touches in the email.

spam attack

An Orientated Phishing attack:

Orientated Phishing (better known as Spear phishing) uses personalised emails to gain the trust of a specific victim. They tend to target you if you share a lot of personal information online (social media), this allows them to study you and write a targeted email based on what interests/fears you have. This makes it very difficult to identify this type of attack for what it is, a scam.

Even though the phishing email are automated, the emails are tailored with your name, what email provider you use (for example a Microsoft 365 email account) and even know the language that you speak so they can write the email specifically to target you.

Orientated attack

What happens if you enter your details?

The aim of these phishing attacks is to get a user to accept an application from a “trusted source” and have them give full access to said application/addon their account.

If you were to fall for this fake login then, the ransomware gains access to your email account and will then encrypt all emails in your account.

(See image below)

Ransomware encrypted email

This is an example of what your emails would look like if you were to have this Cyber-attack gain access.

However, by itself this is not an efficient enough security measure to protect against ransomware.

If you would like to discuss our Phishing training course, Email Back-up, Cyber security or have any questions feel free to contact us at riskmanagement@tecsec.co.uk or call us at 0114 223 8000.

What provisions could you have in place to try and prevent this from happening?

Training: By increasing the awareness of Cyber-attacks to all staff members, it will mean that they can identify one of these attacks (Mass (Spam) Phishing or Orientated (Spear) Phishing). By having this knowledge, they will recognise the red flags before trusting a login or download.

We advise that you don’t trust any email asking for details over email and to call the company you’ve “received” an email from before any further action.

Email Backup: By backing up your email accounts to your server, if you were to be infected with ransomware, you could wipe the infected drives and use a back-up to restore the email to its pre-infected state.

Similarly, if you were to back-up to your cloud email providers, you would either need to remove the application that is causing the encryption or delete the email account, recreate it and then reupload all the emails back to the account. Cloud providers don’t always back-up their clients’ emails and Microsoft, in particular, only allow restoration of deleted emails within 30 days.

Our retention policy for clients, means if you are left unaware for days, weeks, or months we can restore the files back to before the malware infection.

Two-factor authentication: By having two-factor authentication on your email account, it would add another layer of security to your account. Once two-factor authentication has been enabled, your email will only allow access to people with the code, generated by the authenticator, and be alerted whenever someone tries to access your account.

However, by itself this is not an efficient enough security measure to protect against ransomware.

The only way to ensure you won’t become a victim of this ransomware (Ransom Cloud 0365) is to make sure you look out for the red flags, train your staff and always ring and double check with your IT if a company is asking for details over email.

If you would like to discuss our Phishing training course, Email Back-up, Cyber security or have any questions feel free to contact us at riskmanagement@tecsec.co.uk or call us at 0114 223 8000.

About the Author:

This website uses cookies and third party services. Settings Accept

Tracking Cookies title

More content

Third Party Embeds Title

Some content