We’ve seen a rapid increase in e-mail ransom demands and ransom threats in businesses in past weeks.

The attackers encrypt computers or claim to have access or to have encrypted a computer user’s data already.

OPP claim in recent months there has been several ransomware (hack/virus) attacks on businesses and municipal government offices within Ontario.

If you find one day that you cannot access your files, a ransomware attack may have occurred. If you receive a threat that they have access or they could damage your files or reputation, those notifications should be examined by a security professional with your IT support team or company.

Everyone is a target, but individuals tend to be targeted by mass-market ransomware campaigns, while businesses and government offices tend to fall victim of more targeted attacks.

  • WHAT RANSOMWARE AND RANSOM EMAIL DEMANDS LOOK LIKE:  The email will appear to come from you and be addressed to you, the email user.
  • WHAT YOU NEED TO DO:  You should review every one of these emails.  Do not immediately delete them as it needs to be determined if they fit the profile of a ransom request.   If you see this in an email and it is a password you use or sites you visit,  forward the email to your IT provider for their review to ensure that your environment is not compromised.  DO NOT CLICK ON ANY LINKS IN THE EMAIL.  If in doubt, forward the email to your IT support provider for their review.
  • SAMPLE OF EMAIL:  see below

************ Start of email example ************


I’m a member of an international hacker group.

As you could probably have guessed, your account <email address> was hacked, because I sent a message to you from it.

Now I have access to your accounts!

Your password for <your  email address> is <your password>

Within a period from <Date> to <Date>, you were infected by the virus we’ve created, through a website you’ve visited.

So far, we have access to your messages, social media accounts, and messengers.  Moreover, we’ve gotten full dumps of this data.

Transfer $700 to our Bitcoin wallet: 1Lughwk11SAsz54wZJ3bpGbNqGfVanMWzk

If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

I guarantee that after that, we’ll erase all your “data” 😃 [note:  the “data” the hacker refers to are pictures and videos of you  they claim to have that they are threatening to circulate to your contacts if you don’t pay the ransom]

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money is transferred.

If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

************ End of email example ************

HOW TO PREVENT THESE RANSOM DEMANDS:  While there’s no guarantee you will never receive one of these demands, there are two things that you and anyone who accesses your computer network can do that will dramatically reduce your risk of getting ransomware and ransom demands:

1. Instituting a complex password policy for ALL users as well as regularly scheduled rules to change passwords (ie every 90 days).

  1. Do not use work email addresses to access personal sites (i.e. Facebook, Yahoo, Amazon, travel sites, shopping, etc) as these sites get hacked.  Use a personal email address to access any non-work related sites.

A few of TAG’s clients received these emails and they had very simple, easy to hack passwords on public sites such as Facebook, Yahoo, etc. These users were using their business email and simple passwords to access these sites.

Hackers have bots working tirelessly 24/7 trying to crack passwords and if you have one that does not contain a mix of upper / lower case letters, numbers, special characters and is at least 8 characters long, you are vulnerable to hackers getting your password, sending ransomware and compromising the security of your entire environment.

When in doubt as to whether a suspicious-looking email could post harm to your environment, it’s best to be cautious and have your IT provider look at the email so they can determine if there’s any risk to your environment.

If you’re not 100% confident your network has the best defense possible against hacker attacks, take advantage of our Cybersecurity Audit (a $497) value.  This audit will reveal your company’s biggest vulnerabilities to hacker attacks, data loss, and extended downtime.

Sign up here https://www.technicalactiongroup.ca/haunted/

At Technical Action Group, we’ve been providing security and business-focused managed IT services for small and medium-sized businesses in the Toronto area since 2003. Contact us today and learn how we can help you turn your technology into your best asset for business growth.