Ransomware dubbed “Locky” is spreading via e-mail as an attached Word file. Locky e-mails are translated into various languages and localized by region. E-mails carrying this ransomware may look something like the following:
Once the Word attachment is opened, users see scrambled content and are asked to enable macros. If macros are enabled, the malware runs and encrypts nearly all file types, renaming each encrypted file to hash.locky, including files on any mounted USB sticks and network file shares. Once encryption completes, users receive the following:
Locky ransomware typically asks victims to pay between 0.5 and 2 Bitcoins ($208 – $800) for the decryption key.
The antivirus software available through NYU, Symantec Endpoint Protection, may not provide full protection against all variants of this malware. Google also scans attachments for viruses, and you can see whether one has been identified: if so, the Gmail attachment will be marked “virus found”, as in the image below:
Therefore, if you see .locky extension files appearing on your computer, USB drives, or network shares, you should contact the NYU IT Service Desk immediately at 212.998.3333 or at AskIT@nyu.edu and disconnect the computer from the network. System administrators who see .locky extension files appearing on their network shares can identify the infected account by looking up the owner of the _Locky_recover_instructions.txt file left in each folder. It is recommended that you lock these Active Directory user and computer accounts.
The best way to handle such an infection is to restore backups from external hard drives or USB devices. You must wipe the infected machine before mounting any backup device, and it is recommended that you check any files synced with services such as NYU Box, Dropbox or Google Drive to ensure that encrypted copies have not been synced there as well.
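The administrator check described above (find .locky files and ransom notes on a share, identify the owning account, then lock it) can be scripted. The following is an added example, not part of the NYU advisory; it assumes the share path is a placeholder you replace, that the share uses NTFS ownership, and that the ActiveDirectory module is available for the final containment step.

```powershell
# Added example: report which accounts wrote Locky artefacts to a share.
# $SharePath is a placeholder; replace it with the share you are checking.
param(
    [string]$SharePath  = '\\fileserver\share',
    [string]$ReportPath = "$env:TEMP\locky-report.csv"
)

# Locky renames encrypted files to <hash>.locky and leaves
# _Locky_recover_instructions.txt in every folder it touches.
$indicators = Get-ChildItem -Path $SharePath -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.locky' -or $_.Name -eq '_Locky_recover_instructions.txt' }

$rows = foreach ($f in $indicators) {
    # The NTFS owner of a file created by the malware is the account it ran as.
    $owner = (Get-Acl -LiteralPath $f.FullName).Owner
    [pscustomobject]@{
        Owner    = $owner
        Kind     = if ($f.Extension -eq '.locky') { 'EncryptedFile' } else { 'RansomNote' }
        Modified = $f.LastWriteTime
        Path     = $f.FullName
    }
}

# Full listing for the incident record.
$rows | Export-Csv -Path $ReportPath -NoTypeInformation

# One line per owning account: how many artefacts it wrote and when it started.
$rows | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object @{n='Owner'; e={ $_.Name }}, Count,
                  @{n='FirstSeen'; e={ ($_.Group | Measure-Object Modified -Minimum).Minimum }} |
    Format-Table -AutoSize

# Containment, once an owner is confirmed as the infected user (advisory's
# recommendation). Strip the DOMAIN\ prefix to get the SAM account name;
# disable the matching computer account (HOSTNAME$) the same way.
# Disable-ADAccount -Identity ($owner -replace '^.*\\', '')
```

Run the report step first and review it; the disable step is left commented out so that accounts are only locked after the owner has been confirmed.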
Google Chrome now uses Safe Browsing technology to protect users from shady websites and from deceptive advertising on legitimate sites. This initiative by Google addresses the threat of social engineering, which could involve:
- deceptive download buttons
- an ad on a legitimate website pretending to offer an update
- a warning claiming the system is out of date
- a security alert for Chrome and third-party media players
- an ad posing as a trusted entity, which tries to trick users into sharing credentials
- buttons that mimic TV show or sports video streams
all of which may be designed to encourage the installation of bogus software or malware.
The following is a Google Chrome warning message associated with deceptive content:
For more information, please see: https://googleonlinesecurity.blogspot.se/2016/02/no-more-deceptive-download-buttons.html
*Please note that these new features are currently available only in free Gmail accounts and are not yet available in Google Apps for Education.
Google has announced new authentication features for Gmail which make it easier to identify e-mails that arrive from, or are being sent to, unsecured (unencrypted) connections. E-mails arriving from unsecured connections are potentially harmful and may be phishing attempts or other malicious campaigns designed to capture user data. E-mails sent to unsecured connections are more easily intercepted by third parties.
Gmail on the web now provides users with a visual alert (a lock symbol) when users send/receive email to/from unsecured connections, as follows:
Clicking the lock symbol will display additional information, e.g.,
If you see the red lock symbol when composing a message, do not send sensitive information.
Additionally, a sender’s profile picture is replaced by a question mark when Gmail is unable to authenticate the sender.
If you receive an unauthenticated message, it may be forged. Before replying, or clicking any embedded links, or opening any associated attachments, please confirm message authenticity by contacting the sender directly.
For more information, please see: https://support.google.com/mail/answer/6330403?p=tls&hl=en&rd=1
The following is a Dell Security phishing self-assessment tool which will allow you to test, and hopefully refine, your phishing detection skills and knowledge.
Once you click the link below, you will be presented with ten sample e-mails in succession. You will have the opportunity to mark each as “Legitimate” or “Phishing”. Upon completion, you will see your score, and will be able to view the rationale behind why each e-mail was considered legitimate or phishing.
Please feel free to share this link!