Phishing Attacks Now Have Ransomware Payloads


Do you back up everything each hour when your system is busy, and at least once a day, if it is not? Do you disconnect your backup devices from your system when they are not actually backing up? You may have answered the first question affirmatively. However, if you answered the second, “No, I always keep my backup devices running,” you could be vulnerable to a phishing attack.


Yes, your firewalls are secure, and Kaspersky or some other top antivirus software is watching your back. But you have another exposure that can open your front door to attacks.

Here’s how phishing works: Your employee (or maybe your own child) receives a friendly-looking (albeit bogus) email from someone they know or some organization they consider benign. The email has text to the effect of “Wow! We really loved this picture of (insert entertainer’s name) at the last concert. Open the attachment (or click this innocent-looking link) and see if you agree!”

Whether the email has an attachment or link, two alternative bad things can happen:

1. The disguised .jpg attachment

Everyone knows that a .jpg image is harmless, right? Wrong. Say the image attachment is titled concert.jpg. What scammers actually do is bank on the fact that most computers hide extensions.

The actual file extension is either .exe or .zip. So the file’s name is The zip (or .exe) gets hidden, but click on it and it goes to work. The work can be anything from spraying hostile code to inserting bots that take over your computer and also go after your contact list to propagate outward.
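A mail gateway or triage script can catch this disguise before a user ever sees the attachment. The following is an added example, not part of the original article: it flags attachments whose final extension is risky behind a harmless-looking one, and attachments whose leading bytes contradict a harmless name. The extension lists, filenames and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed policy lists for this example; tune them for your own mail flow.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}
RISKY_EXTS = {".exe", ".zip", ".scr", ".js", ".bat"}
# Leading bytes that identify the real file type, whatever the name claims.
MAGIC = {b"MZ": ".exe", b"PK\x03\x04": ".zip", b"\xff\xd8\xff": ".jpg"}

def extensions(filename):
    """All extensions in order, lowercased, with padding spaces removed."""
    parts = filename.strip().lower().split(".")
    return ["." + p.strip() for p in parts[1:] if p.strip()]

def check_attachment(filename, data):
    """Return the reasons an attachment looks disguised (empty list if none)."""
    reasons = []
    exts = extensions(filename)
    decoy_first = any(e in DECOY_EXTS for e in exts[:-1])
    if len(exts) >= 2 and exts[-1] in RISKY_EXTS and decoy_first:
        reasons.append(f"double extension: real type is {exts[-1]}")
    real = next((ext for magic, ext in MAGIC.items() if data.startswith(magic)), None)
    if real in RISKY_EXTS and exts and exts[-1] in DECOY_EXTS:
        reasons.append(f"content is {real} but name ends in {exts[-1]}")
    return reasons

def scan_message(msg):
    """Map each suspicious attachment filename to its list of reasons."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = check_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; filenames and bytes are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Concert picture"
    msg.set_content("Open the attachment and see if you agree!")
    samples = [("concert.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
               ("concert.jpg.exe", b"MZ" + b"\x00" * 16),
               ("setlist.jpg", b"PK\x03\x04" + b"\x00" * 16)]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

On endpoints, turning off the "hide extensions for known file types" option in the file manager removes the cover this trick depends on.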

2. The little link that could do damage

Click on that link lure and you’ll be taken to a hostile site. The site is waiting to download the equivalent of digital landmines into your system. Or it could be a connection to the Darknet where this guy with a Russian-sounding name is waiting to kidnap your system through the pernicious ransomware attack.

And now, the double ransomware whammy…

Ransomware is not a new threat, having been around for several years. But as potential victims have grown wary of malware, and spam email is increasingly shunted to the junk box, crooks have adapted. Email phishing attachments might go beyond the social and look like an authentic invoice or electronic fax.

According to the FBI, ransomware attacks “are not only proliferating, they’re becoming more sophisticated.” Where they were once just delivered through spam emails, now unwary web surfers can trip over legitimate websites with malicious programming, which takes advantage of unprotected end-user portals.

The ransomware, once introduced, encrypts files on local drives and on anything else hooked up to the system, including backup systems and devices.

A semi-final word about backing up

If, despite all your precautions, a phishing attack is successful and you see that scary ransomware message on your computer monitor, you’ll have but two options: 1) pay the ransom, or 2) restore your system from an uninfected backup source.

Paying the ransom brings no guarantee that whoever is holding your system for ransom will send the decryption code. They might, but they are just as likely to further infect your system with additional malware. However, if you followed the advice to run frequent backups on devices only connected to your system during the backup operation, you can recover. You will only lose data entered or changed after the last backup.

Finally, the importance of a business continuity plan

Nothing will cripple your business like shutting down access to your financial and other proprietary data. The lost revenues and extra expenses can cut deeply into a business’s bottom line, and business disruption insurance won’t cover the intangibles like loss of customer confidence. So a well-designed backup protocol is just one element of an agile business continuity plan.

In the meantime, beware of bogus emails bearing dangerous attachments and links. Even if you know the originator, you can’t be sure they are not sending you a bomb disguised as a smooch.
