This one’s insidious and perfectly timed for the holidays: a malware bomb disguised as an innocent-looking package tracking email:
It’s called cryptolocker ransomware.
Kevin Swindon is with the FBI in Boston.
“I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.
In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.
Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.
“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”
And that’s what the Swansea police department did, paying $750 to unlock their computers. One wonders what happened to the poor schlimazl who first opened that email.
This is also a timely reminder to be careful about what emails you open. I’m sure almost anyone reading this has received “phishing” messages, fakes that look like they’re from real companies, but really want you to log into their fake web site so they can steal your ID and password. Some of them are so badly done, they’re funny, others are pretty slick pieces of work. This is more vicious, hijacking your system and extorting ransom to get it back.
Take my advice: if you receive email from a company where you have an account (such as Amazon, eBay, PayPal, &c…) that looks at all suspicious, don’t open it; instead, forward it to their security address. They’ll let you know if it’s real or not, and they’re very interested in tracking down fraudsters.
To borrow a line from Hill Street Blues, “Let’s be careful out there.”
(Crossposted at Sister Toldjah)