Watch Out for “Scarab”: It Comes in Sheep’s Clothing!

Ransomware has become the number one digital threat in the world. According to the FBI, ransomware payments in 2016 were estimated to be over $1 billion. This year may soon top that record, with one of the latest ransomware attacks, named “Scarab”, being distributed via phishing emails. Within the first six hours of its launch on November 23, over 12.5 million malicious emails were sent.

The email contains a zip file attachment disguised as a scanned document that when opened contains a script that will infect the victim’s computer with ransomware. There have been reports of the email subject line stating that the document scanned is from one of the following trusted printers: Lexmark, Epson, HP and Canon. Once the device is infected, a ransom note appears stating that the payment demand depends on how quickly the victim contacts the hackers. Check out Forcepoint.com for a look at the ransom message associated with this scam.

The Better Business Bureau joins with the National Cyber Security Alliance in suggesting the following cyber hygiene defenses:

  • “Don’t click on links from unfamiliar sources. Even if you think you know the sender, be cautious about clicking on email links. When in doubt, delete it. Be especially wary of messages requiring you to act quickly, asking for personal information, or threatening you in any way.
  • Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
  • Use strong authentication, requiring more than a username and password to access accounts, especially critical networks, to prevent access through stolen or hacked credentials. Check out Lock down your login for more information.
  • Conduct regular backups of systems: Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
  • Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.”

Source: KnowBe4.com, Forcepoint.com and National Cyber Security Alliance

For more details, check out Massive Phishing Attack on Businesses with Evil New Ransomware Strain. To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to https://www.bbb.org/northern-alabama/.